JLR Cyberattack pushes TCS to standardize security for top clients - Aniket Ghosh shares insights.

In a recent Mint article, Aniket Ghosh shed light on the far-reaching implications of the Jaguar Land Rover (JLR) payroll data breach, emphasizing the multi-jurisdictional risks tied to employee data exposure.

Aniket Ghosh stated: “The Jaguar Land Rover payroll data incident exemplifies multi-jurisdictional cyber risks tied to employee data exposure. In the UK, JLR’s headquarters jurisdiction, the breach triggers UK GDPR and Data Protection Act 2018 scrutiny, with the ICO now reviewing notification adequacy; severe security or reporting shortfalls could attract fines up to £17.5 million or 4% of global turnover, compounded by employee compensation claims for distress. In the US, without unified federal privacy legislation, compromised staff identifiers (SSNs, bank details) activate state-specific breach notification laws, commonly fuelling class actions that probe safeguard adequacy and future harm risks. In India, CERT-In’s 2022 Directions under the Information Technology Act enforce immediate 6-hour reporting of such incidents, including data leaks, for body corporates like JLR, spotlighting operational resilience; meanwhile, the Digital Data Protection Act’s breach obligations to the Board and individuals remain deferred until the 18-month transition concludes around mid-2027, demanding early compliance readiness.”
His remarks focus on the complex compliance landscape that global corporations must navigate when facing cyber incidents. The JLR breach illustrates how a single event can trigger regulatory scrutiny across multiple jurisdictions, namely the UK, US, and India, each with distinct obligations, penalties, and enforcement mechanisms.