The Ministry of Communications, in coordination with other authorities, establishes the Program for Strengthening Cybersecurity and coordinates participation in activities required for this purpose and implements its control and inspection. 

The Cuba rules introduced a general requirement for the reporting and notification of actual or suspected personal information breaches. Where personal information is leaked, lost or distorted (or if there is a potential for such incidents), organisations must promptly take relevant measures to mitigate any damage and notify the relevant data subjects and report to the relevant government agencies in a timely manner in accordance with relevant provisions.

Mandatory breach notification

All breaches must be reported according to a four-level security scheme.