The Brazilian Financial System, Cyber Security Policy and Personal Data Protection

Abstract

Purpose ”“ This work intends to map and analyze, through the polycentric regulation proposal introduced by Julia Black, the contribution of the actors involved in the creation of the data protection regulatory legal regime in financial system, after the introduction of the cyber security policy by the Central Bank of Brazil, the approval of the General Data Protection State and new financial business models. Methodology ”“ It first analyses the regulatory and statutory norms associated with data protection in the financial system, combined with the cyber security policies published by financial institutions. After this, it identifies the actors who contribute to the regulatory environment and their respective regulatory role. The final step is the creation of a table to categorize each actor’s functions in the regulatory regime. Findings ”“ The research concludes that the contracts between financial institutions and technology play a major role on creating and hybrid regulatory environment for data protection. Originality ”“ The work is an original analysis of the data protection regulatory legal regime in financial system, using polycentric regulation not only as a theoretical reference, but also as a methodological framework.