This report examines India's data breach trends, fiduciary behavior, and compliance gaps under the DPDP Act, 2023, featuring case studies and insights to enhance privacy and security standards.
Authors: Rakesh Maheshwari, Dedipyaman Shukla
In August 2023, the Digital Personal Data Protection Act was passed into law, marking a paradigm shift in India’s data protection and privacy standards. One of the key aspects of this legislation is the attempt to minimize the risks stemming from personal data breaches. The following two-part report examines compliance with cyber security incident reporting, specifically data breaches under the present Information Technology Act, 2000 to identify expectations for breach intimation under the newly introduced Digital Personal Data Protection Act, 2023.
Part I of this report focuses on the existing compliance landscape and empirically analyses past trends in data fiduciary behavior, while highlighting systemic gaps in regulation and compliance. Part II assesses the new Digital Personal Data Protection Act’s specific implementation challenges, in light of the findings under Part I, and recommends measures for effective breach management from a regulatory capacity standpoint.
Anticipating Compliance with the Digital Personal Data Protection Act, 2023 on Data Breaches in India
Authors: Rakesh Maheshwari, Dedipyaman Shukla
In August 2023, the Digital Personal Data Protection Act was passed into law, marking a paradigm shift in India’s data protection and privacy standards. One of the key aspects of this legislation is the attempt to minimize the risks stemming from personal data breaches. The following two-part report examines compliance with cyber security incident reporting, specifically data breaches under the present Information Technology Act, 2000 to identify expectations for breach intimation under the newly introduced Digital Personal Data Protection Act, 2023.
Part I of this report focuses on the existing compliance landscape and empirically analyses past trends in data fiduciary behavior, while highlighting systemic gaps in regulation and compliance. Part II assesses the new Digital Personal Data Protection Act’s specific implementation challenges, in light of the findings under Part I, and recommends measures for effective breach management from a regulatory capacity standpoint.
Read the executive summary here.
Part 1 – direct link
Part 2 – direct link
Find the Annexure here.