Data breach liability

Swiss organisations must protect personal data through appropriate technical and organisational measures and assess incidents that compromise confidentiality, integrity or availability. Liability may arise from data protection law, contract, tort, employment law, professional secrecy or sector-specific regulation. Depending on risk and circumstances, notification to the competent authority or affected persons may be required. Key issues include preparedness, logging, vendor oversight, encryption, incident response and proof of harm. Cross-border breaches may also trigger foreign notification duties, especially where EU residents or services are involved.