
Q1 - What exactly counts as a “data breach” under DPDPA?

Answer

A personal data breach is any unauthorized or accidental event that results in:

  • Access to personal data by someone not authorized,
  • Disclosure of data to unintended parties,
  • Alteration or destruction of personal data,
  • Loss of personal data (including theft, misplacement, or accidental deletion).

Examples

  • A hacker steals Aadhaar-linked bank account details from XYZ Bank.
  • An employee of ABC Hospital mistakenly emails patient reports to the wrong recipient.
  • An unencrypted laptop containing customer KYC details from ABC Stock Brokers is lost.

Even accidental events (like sending an email to the wrong address) can count as a breach.