Compliance Under Rule 7 – Intimation of Personal Data Breach

The organization (as Data Fiduciary) shall ensure:

1. Notification to Affected Data Principals

On becoming aware of any personal data breach, the Data Fiduciary shall, without delay and to the best of its knowledge, inform each affected Data Principal in a concise, clear, and plain manner, through the Data Principal's user account or any registered mode of communication. The intimation shall include:

a. A description of the breach, including:

  • Its nature,
  • Its extent, and
  • The timing and location of its occurrence.

b. The likely consequences of the breach that are relevant to the Data Principal.

c. The measures implemented and being implemented by the organization, if any, to mitigate the risks arising from the breach.

d. The safety measures that the Data Principal may take to protect her interests.

e. The business contact information of a person who can respond, on behalf of the organization, to the Data Principal's queries regarding the breach.

 

2. Notification to the Data Protection Board

Upon becoming aware of any personal data breach, the Data Fiduciary shall:

a. Without delay, notify the Board with a brief description of the breach, including:

  • Its nature, extent, timing, and location of occurrence, and
  • The likely impact of the breach.

b. Within 72 hours of becoming aware of the breach (or such longer period as the Board allows on a request made in writing), submit the following detailed information to the Board:

i. Updated and detailed information on the matters described in the initial notification under (a).

ii. The broad facts, events, circumstances, and reasons leading to the breach.

iii. Details of the measures implemented or proposed, if any, to mitigate risk.

iv. Any findings regarding the person or system that caused the breach.

v. Remedial measures taken to prevent recurrence of such a breach.

vi. A report of the intimations given to affected Data Principals.

3. Additional Internal Compliance Measures

The organization shall also ensure:

  • Maintenance of an incident response plan and a breach notification procedure capable of meeting the "without delay" and 72-hour timelines described above.
  • Designation of a responsible data breach response officer or team, including the contact person named in intimations to Data Principals.
  • Availability of logs and audit trails sufficient to reconstruct the breach timeline and identify its source.
  • Periodic training and awareness for staff on breach detection and response.
  • Establishment of a communication protocol for affected individuals and regulatory authorities.
