NPC wants private, public sectors to submit data security incident reports | Inquirer Business

NPC wants private, public sectors to submit data security incident reports

/ 04:12 PM January 05, 2018

SMALL firms need to protect their data, customers and money against ever-present online threats. INQUIRER stock photo

The National Privacy Commission (NPC) wants companies and government agencies to submit a report on security incidents that have affected the personal data of their consumers, even if these incidents were unsuccessful.

In a statement, the NPC said it is requiring “personal information controllers” (PICs) in both the public and private sector to submit an annual security incident report. The commission opened the submissions on January 3, keeping it open up to the end of March.

Article continues after this advertisement

According to the implementing rules and regulations of the Data Privacy Act, a personal information controller controls the processing of personal data, or instructs someone else to process the data on its behalf.

FEATURED STORIES

The annual report is supposed to contain information on the security incidents that affect personal data under a PIC’s control, including the number of security incidents that affect personal data in each calendar year.

NPC said that PICs must document adverse events that have an impact on the availability, integrity, or confidentiality of personal data, even if these adverse events were unsuccessful.

Article continues after this advertisement

These so-called adverse events range from data breaches to “brute force” attacks in databases. The report, however, does not include cyberattacks that reveal industrial secrets that do not involve the processing of personal data.

Article continues after this advertisement

Privacy Commissioner and Chairman Raymund Enriquez Liboro said the more than three-month window is meant to give PICs ample time to prepare a complete report.

Article continues after this advertisement

“These reports are an essential signpost of any PIC’s commitment to protecting the personal data of its customers and employees. I encourage the PICs concerned to check the NPC website for further guidance,” Liboro said.

“When properly collated, the data becomes an invaluable management resource that enables a PIC to assess its reaction time for every crucial event,” he added, noting that it would provide information on details surrounding security incidents, from their discovery to the deployment of necessary contingency measures.  /jpv

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

TAGS: Business, data, Data Privacy Act, NPC

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.