Protection of Personal Data and Information Security
The General Data Protection Law (LGPD) sought, among other aspects, to establish in Brazil a set of rules for the defense of rights, freedoms and guarantees for the privacy of individuals. The LGPD has also established principles and obligations for companies that collect and process this personal data.
Although the EDP Brasil Group has always kept, as part of its strategy, its commitment to safeguarding privacy and protecting the personal data of its customers, employees, suppliers and other third parties, once the LGPD became applicable, procedures were adjusted and policies put in place in order to assess and anticipate the possible risks related to the processing operations, along with measures to mitigate them.
The EDP Brasil Group, in its Privacy Policy, provides information about the use of the personal data collected, the rights of its holders and the security procedures in the management of the information, committing itself to the integrity and confidentiality of the processed personal data.
Learn more about Cybersecurity:
It is crucial for the EDP Brasil Group that access to the network, IT systems and data in general is always ensured. The main risks stem from technical failures, human errors, corrections, and natural weather events or terrorist events. Risk management, including contingency plans, is crucial to ensure business continuity.
Information Security
Information is a strategic asset of EDP, providing added advantages in terms of innovation, coordination with partners and quality of service to customers. EDP is aware that the information handled in the EDP Group must ensure credibility with the market, customers and employees, and for that reason it adopts mechanisms for information security and data privacy to guarantee and reinforce compliance with the current legislation.
Risk Teams focused on Information Security, Data Privacy and Data Protection Compliance
The Data Security and Data Privacy and Data Protection Compliance teams were formed and are responsible for identifying, analyzing and responding to incidents in this area, and are supported by the Information Technology teams. Find out more about how the EDP Brasil Group protects its users' personal data and guarantees privacy within the companies that make up the Group by accessing our Privacy Policy.
Good Habits
Ensure your security, the security of your online transactions and the protection of your personal data. Learn how to protect yourself from fraudulent attacks.
Learn how to identify fraudulent e-mails and other fraudulent contacts
E-mails are often used as a gateway for a hacker to gain access to your computer. There are also other ways to obtain your personal data: by phone call or by SMS. Know what to do.
LEARN MORE (see text in Appendix 1)
Phishing
LEARN MORE (see text in Appendix 2)
Security Information
Protect your computer
Learn how to protect your computer information and data while you surf online.
LEARN MORE (see text in Appendix 3)
*********************************APPENDIX 1****************************
Verify the sender’s email domain
Always check that the domains of the email senders are related to the institution that sent them. This precaution is important, although on its own it is not enough to tell whether you are facing a fraud attempt.
Check the address of the sites to which you were directed
In case you are directed to a website, check if you are really on the desired website by looking at the address bar at the top of the page. If you want to access a specific website, directly enter the address in the browser and navigate from there.
Check the links received by email
Hover your mouse over the links in the emails and check what appears in the bar below. If it is from a trusted institution, confirm the veracity of the content. If it is not a regular address, does not have a common structure and nomenclature, or is not related to the subject, do not click.
Check the email attachments
Do not open attachments without first making sure that the content is safe.
Do not provide personal information by email, phone call or SMS
Even if requested, do not provide personal and/or confidential information, such as bank card number, login or password, by email, phone call or SMS.
*********************************APPENDIX 2****************************
What is phishing (sending fraudulent e-mails or SMS) and what is its purpose?
Phishing scams are characterized by the practice of sending emails or SMS that apparently belong to a certain entity or organization (they are usually faithful copies) and contain misleading messages in order to lead the user to reveal confidential information – for example username and password to access secure sites such as banks, credit card numbers, etc. – or to inadvertently install malicious software (malware) that can allow remote access to the user's computer.
What can I do to distinguish these types of messages and to avoid their consequences?
Protection against these attacks follows the common rules for safe use of the internet, which are:
- never send personal information that is requested by email or SMS, such as credit card number, username, password or other private information. EDP will never ask you for this type of information through these channels;
- do not click on suspicious email or SMS links. If you want to access the content, search directly in the browser for the address of the entity referred to in the message and navigate from there;
- in case of doubt, contact the entity to confirm the accuracy of the email or SMS, but never use the contacts indicated in the email or SMS. Do it the way you usually do, via the official channels available on the website;
- make sure you update the software you use on your computer, including the browser and protection software like antivirus and firewall.
Where do the senders get the email addresses used for this type of message?
The email addresses or contact phone numbers used to send phishing emails on behalf of EDP were not obtained from any EDP database. The information is usually collected through contact lists of users whose equipment, connected to the internet, is infected with malware, propagating the phishing scam.
What should those caught in the phishing scam do?
If a user has clicked on the link sent in the fraudulent message and executed the attached file, the user must:
- seek specialized technical help, indicating that you have installed malware as the victim of a phishing scam (show the email or SMS). There are some technical indications for cleaning infected machines. We recommend that they be performed by experienced users, as they include the execution of some commands that, if performed incorrectly, may leave the equipment unusable and not solve the problem completely;
- change the passwords for the most sensitive accesses (e.g. bank passwords) on secure equipment; do not use any computer or equipment that may have been affected and that is not proven to be “clean”.
*********************************APPENDIX 3****************************
Protect your equipment with a secure password
- Do not include personal information:
Mainly first names, dates of birth, identification document numbers, etc.
- Avoid using passwords similar to the previous ones:
Whenever you update your password, change more than one of the characters.
Keep your computer protected and up to date
- Install and keep an antivirus and firewall system up to date:
Antivirus helps protect your computer from most viruses, trojans, worms and other types of malicious programs that can severely damage your computer. A firewall helps prevent unauthorized remote access to your computer’s data or resources. Not keeping your antivirus up to date is like not having an antivirus.
- Keep the software you use on your devices up to date:
Update your browser, applications and operating system regularly. Most attacks are made by exploiting flaws in the applications that users use. Whenever there are vulnerabilities in the software that could compromise the security of computers, the software vendors fix them by publishing updates. If you do not update the software, you increase the risk of exposure to possible attacks that exploit these flaws.
- Use properly licensed software and applications from trusted suppliers / stores.
- Do not install programs / software without checking the credibility of the source in advance.
Pay attention to the browser
- Do not click on questionable links.
If during navigation you identify a doubtful link, unrelated to the subject, do not click.
- Check that the websites accessed are certified by looking at the symbol on the left side of the address bar.
This symbol guarantees that the information sent or received by the website is private. All EDP Group sites are certified. If you access a website and find that it is not secure, do not enter any data.
- Check that the addresses of the websites accessed start with https://.
This information ensures that communications between your computer and the websites are encrypted.
- Check that data received from third parties is free of viruses.
Before opening documents or installing software sent by third parties, submit the files to an antivirus program.