Data Privacy Detective - How Data Is Regulated, Managed, Protected, Collected, Mined, Stolen, Defended And Transcended.

Through a new cybersecurity regulation, businesses in India will have six hours to report cyberattacks to the government, pursuant to a regulation that comes into force at the end of June 2022. On April 28, 2022, the Indian Computer Emergency Response Team – CERT – part of the Ministry of Electronics and Information Technology, announced regulations that include the world’s most time-sensitive deadline for reporting cyber incidents to the government. Stephen Mathias, head of the Technology Law Practice at the premier Indian law firm Kochhar & Co., presents the substance, challenges, and ambiguities of this pioneering effort. The regulation covers cyberattacks regardless of whether personal data is involved. In comparison to other global reporting requirements (such as GDPR’s 72-hour deadline for reporting breaches of personal data), the 6-hour deadline is daunting and perhaps unworkable. Wording covers attacks even if not successful, in effect requiring Indian businesses to report in real-time the stream of