Firms told to submit privacy incident reports by March

THE National Privacy Commission (NPC) is setting a March deadline for the submission of the 2017 Annual Incident Report of personal information controllers (PICs).

In a statement on Thursday, the data-privacy authority reminded the designated personal-information controllers of businesses to submit the report of security incidents that affect personal data under a PIC’s control, including the number of security incidents that affect personal data in each calendar year.

According to the Data Privacy Act, a PIC is any person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf.

As per the circulars of the NPC, PICs are tasked to report annually these security incidents, or those events that have an impact on the availability, integrity or confidentiality of personal data, even if these adverse events prove unsuccessful.

Among the security incidents included in the report’s scope are cyber attacks on a personal-information database, and unauthorized alteration in a database that alters the personal records of an individual, to that individual’s detriment. But cyber attack that uncovers industrial secrets but which do not involve processing of personal information does not fall under the definition of a security incident.

NPC Commissioner Raymund Liboro said, with the March deadline, PICs can review their privacy program and collation of the report.

“We want to give PICs ample opportunity to audit their privacy program and improve their organization’s efficiency in the way they manage their security incidents. These reports are an essential signpost of any PIC’s commitment to protecting the personal data of its customers and employees. I encourage the PICs concerned to check the NPC web site for further guidance,” Liboro said in a statement.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Previous Article

DNL unit receives govt approval to operate in Batangas ecozone

Next Article

Philab brings Italian maker of pharma machines into PHL

Related Posts

Read more

SCCP migrates to new clearing and settlement technology

The Securities Clearing Corporation of the Philippines (SCCP), a wholly-owned subsidiary of The Philippine Stock Exchange, Inc. (PSE), successfully transitioned its clearing and settlement (C&S) system to the Millennium Post Trade solution on March 27, 2023. The shift to the new C&S system will enhance SCCP’s clearing, settlement, risk and collateral management capabilities.