What is Data Breach Notification?

Data breach notification is the legal requirement for organizations to inform supervisory authorities and affected individuals when a security incident results in unauthorized access to, or loss of, personal data.

The obligation is set by privacy law rather than by internal policy: organizations must report personal data breaches to the competent regulator and, in many cases, to the affected individuals. Under the GDPR, a controller must notify the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals' rights and freedoms (Article 33); a notification made after 72 hours must state the reasons for the delay. A processor must notify its controller without undue delay. If the breach is likely to result in a high risk, the controller must also inform affected individuals without undue delay (Article 34). The clock runs on calendar time, including weekends and holidays, and "becoming aware" is generally read as having a reasonable degree of certainty that a breach has occurred, which is why incident response procedures should record the time at which that assessment was made.

Different jurisdictions impose different triggers, recipients and deadlines. In California, the breach notification duty comes from the state's breach statute (Cal. Civ. Code § 1798.82), which the CCPA's private right of action builds on: affected residents must be notified of a breach of unencrypted personal information in the most expedient time possible and without unreasonable delay. HIPAA's Breach Notification Rule requires notice to affected individuals without unreasonable delay and no later than 60 days after discovery of a breach of unsecured PHI; breaches affecting 500 or more individuals must also be reported to the Secretary of Health and Human Services within the same window, and breaches affecting more than 500 residents of a state or jurisdiction must be reported to prominent media outlets, while smaller breaches are logged and reported to the Secretary annually. India's DPDPA requires Data Fiduciaries to notify the Data Protection Board and each affected Data Principal of any personal data breach, in the form and manner prescribed by the rules. A practical consequence for security teams: under several of these regimes the duty turns on whether the data was "unencrypted" or "unsecured", so the incident record should establish whether affected data was encrypted and whether the keys were themselves exposed.

IQWorks supports breach response through DiscoverIQ for rapidly assessing the scope of compromised data, ClassifyIQ for determining the sensitivity of affected data, and ComplyIQ for managing notification workflows across multiple jurisdictions with different reporting timelines and requirements.
