Faced with the need to expand security mechanisms constantly, we mapped, in 2021, the main weaknesses of the Company's systems, with firewall devices set by a specialized manufacturer. To reduce the risks regarding corporate data and protect customers' privacy, we have adopted remediation plans, including data encryption, corrections of flaws evidenced in tests that reproduce cyber-attacks, conses data backups, and guarantees low unavailability of our tools by monitoring network availability, besides successive hardware upgrades.
Data protection and customer privacy also rely on a big data tool, which monitors the registration of suppliers, protects corporate data and prevents money laundering.
On another front, we set up a team exclusively dedicated to implement and develop actions to adapt Even to the Personal Data Protection General Law (LGPD). These initiatives prevented the Company from leaks, theft or loss of customer data during the year.
In 2021, we received 65 calls from holders. Among them, 07 intended to revoke consent, 42 to delete data, 14 to consult data, 1 to correct data and 1 to inform about the conduct of independent brokers. We have verified and concluded all calls by the end of the year.
In 2019, we received a notice of infraction for phone harassment (people who asked for their exclusion in mailing). To fully remove the obligation to settle this administrative proceeding, since there was no disrespect on Even’s part, we have filed a lawsuit requesting the nullity and suspension of the fine, and we are awaiting the decision. In 2021, no legal claims were registered.
We have an LGPD Committee, including the Legal, Project Office, Compliance and IT departments, to discuss, align, and monitor the adjustments to be implemented in the Company's systems, activities, and operational routines. Even also has an independent legal office responsible for data protection and Even’s DPO (Data Protection Officer), responsible for communicating with data subjects and local authorities.
Based on the main risks mapped by the committee regarding the protection of the Company's and its customers' data, we list several measures to avoid and/or mitigate these risks, most already implemented and others in progress, as follows:
Treaties
In Progress*
*baseline: 12/31/2021