Under the DPDP Act 2023, a personal data breach means any unauthorised processing of personal data or accidental disclosure, acquisition, sharing, use, alteration, destruction of, or loss of access to personal data that compromises the confidentiality, integrity, or availability of personal data. Upon becoming aware of a breach, the Data Fiduciary must notify the Data Protection Board and each affected Data Principal in the prescribed manner. Failure to notify carries penalties up to Rs 100 crore. Additionally, CERT-In Directions (2022) require reporting cyber security incidents within 6 hours.
A ransomware attack on a hospital database exposing patient records is a personal data breach requiring notification under DPDP.
Need Expert Advice on Personal Data Breach?
For specific advice on how Personal Data Breach applies to your debt recovery matter, consult Advocate Subodh Bajpai — LLM, MBA (XLRI Jamshedpur). 8+ years of exclusive banking and debt recovery practice across DRT, SARFAESI, IBC, and NI Act.
Defined by Advocate Subodh Bajpai, Senior Partner, Unified Chambers and Associates