A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Local data protection regulations have required data controllers to report such breaches in certain circumstances.
Companies and individuals are mandated to report specific types of cyber security incidents to the Indian Computer Emergency Response Team (CERT-In) as soon as possible under the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013. These include:
In addition to these reporting obligations, CERT-In can request information and give direction to entities relating to cybersecurity (with potential penalties including jail time for noncompliance) (The Information Technology Act, 2000 and its amendments).
HR Best Practices: Make sure to follow any security and data protection controls outlined in your company’s security policies (this includes regular audits by independent agencies). In the event of a possible cybersecurity incident, reach out to the Indian Computer Emergency Response Team as soon as possible.