Data Breach Identification, Response, and Notification
Framework for identifying breaches, managing incidents, and complying with notification obligations.
DPDPA requires data fiduciaries to notify the Data Protection Board and affected data principals within 72 hours of identifying a breach. This framework addresses breach identification, response protocols, and notification requirements.
Breach Definition and Scope
Understanding what constitutes a data breach under DPDPA.
Key Points
- Unauthorized access to personal data
- Unauthorized disclosure
- Loss or destruction of data
- Impairment of confidentiality, integrity, or availability
- Threshold considerations (material impact)
Incident Detection and Assessment
Mechanisms for identifying and evaluating breaches.
Key Points
- Technical detection systems (SIEM, firewalls, IDS/IPS)
- Human reporting channels
- Initial assessment procedures
- Containment and stabilization steps
- Documentation of discovery
72-Hour Notification Requirement
The statutory obligation for notifying the Data Protection Board.
Key Points
- Timing: 72 hours from discovery
- Content requirements: nature, extent, impact
- Board notification format and submission
- Simultaneous data principal notification
- Follow-up reporting requirements
Incident Response & Remediation
Post-breach activities and remediation measures.
Key Points
- Forensic investigation
- Root cause analysis
- Affected party communication
- Remediation action plan
- Prevention of recurrence measures
Statutory References
- Section 4(d): Definition of breach
- Section 6(2): Breach notification obligation
- Rule 4: Breach notification procedures
- Rule 5: Content of breach notification