Preparing for India's Breach Notification Law: Applying Controls
India's newly proposed data protection framework, prepared by the expert committee chaired by Justice B. N. Srikrishna, and its upcoming mandatory breach notification requirements, raise some compelling questions.
This panel shares its insights on:
- What would constitute a personal data breach under the new law?
- What would qualify as a data breach that requires notification?
- Are the proposed penalties for violating the law justified?
- What would happen to Section 43 A of the IT Act 2000, which deals with data security, if the new data protection bill becomes law?
- What kind of security controls or standards are needed?