Guidance Note On Preparation And Response To A Data Breach

An increased reliance on technology and the ubiquity of data storage online has led to businesses being increasingly vulnerable to the threat of cyber-attacks. The response team may constitute an executive duly empowered to make decisions, information technology personnel to assess the technical extent of the breach, legal counsel and representatives from the company administration to streamline the business's immediate response to a data breach. The business may consider utilising alternate modes of communications, such as a secure and uncompromised external email address, to communicate information regarding the data breach response. This may include assessing if the data breach may be considered a 'notifiable data breach' under applicable law, and if regulatory authorities, insurers, and/or the affected data subjects are required to be notified. Businesses must note that other regulatory agencies may prescribe different timelines for reporting a data breach; for example, the Reserve Bank of India requires breaches to be reported witing two to six hours of occurrence.