Are there any data breach notification requirements?
A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Local data protection regulations have required data controllers to report such breaches in certain circumstances.
Pakistan does not currently have a breach notification requirement. That said, if the draft Personal Data Protection Bill 2021 (Bill 2021) passes, there may be a breach notification requirement in the future. In its current form, Bill 2021 requires data controllers to notify the Data Protection Authority of a breach without undue delay (less than 72 hours).