Organizations that notice breaches of personal data may have to immediately alert users and flag them to the Data Protection Board, followed by a detailed filing within 72 hours. The government may release draft rules on the matter this week, a person aware of the matter said.

       The first report to the board must specify the nature of the breach, its location, duration, amount of data involved and its potential impact, while the detailed report must include the circumstances and reasons that led to the breach, and steps to mitigate risk to users and prevent a repeat.

       Hi! You're reading a premium article! Subscribe now to continue reading Subscribe now Already subscribed? Login

       Premium benefits

       35+ Premium articles every day

       Specially curated Newsletters every day

       Access to 15+ Print edition articles every day

       Subscriber only webinar by specialist journalists

       E Paper, Archives, select The Wall Street Journal & The Economist articles

       Access to Subscriber only specials : Infographics I Podcasts

       Unlock 35+ well researched

       premium articles every day

       Access to global insights with

       100+ exclusive articles from

       international publications

       Get complimentary access to

       3+ investment based apps

       TRENDLYNE Get One Month GuruQ plan at Rs 1

       FINOLOGY Free finology subscription for 1 month.

       SMALLCASE 20% off on all smallcases

       5+ subscriber only newsletters

       specially curated by the experts

       Free access to e-paper and

       WhatsApp updates

       Not convinced yet?

       Share your contact details and

       we will get in touch with you…

       = 48 && event.charCode Confirm

       Thanks for sharing your number