Security Breaches: what’s your legal obligations and how to survive to a breach ?

In Switzerland, the revision of the Data Protection Act will introduce a data breach notification obligation when personal data are at stake, similar to what prevails in most US States and what will be the standard in the EU with the GDPR. This is a huge change of paradigm. Companies shall be ready and trained to face those new obligations. However, they first need to understand what is mandatory and the risks they are facing. Not disclosing a breach when required is a criminal offense, but the company often does not want to disclose a breach if this is not necessary, or simply prefer to disclose it latter. We will cover the upcoming legal obligations applicable mainly to Swiss based organizations and the best practices to implement.