Communication

Published on 7 February 2025

Guidelines on data breaches

The FDPIC has published guidelines on reporting data security breaches.

In its very first article, the Data Protection Act (FADP) states that its aim is to protect the personality and fundamental rights of natural persons whose data is processed. Article 24 FADP governs the obligations of data controllers and the rights of data subjects in the event of a breach of data security when personal data are processed. Under Article 5 letter h FADP, a data security breach is to be assumed if personal data are accidentally or unlawfully lost, deleted, destroyed or modified, or if the data are disclosed or made accessible to unauthorised persons.

These FDPIC guidelines deal with the legal notification requirements for data security breaches to the FDPIC, in particular the notion of a ‹likely high risk› as defined in art. 24 para. 1 FADP. They also define the requirements for informing the data subjects in the event of a data security breach in accordance with art. 24 para. 4 FADP.

More information

DataBreach

The FDPIC provides data controllers with an online form with which reports can be submitted in a digital and secure manner. After submitting the report, the data controller can download a confirmation with the submitted data.