NPC wants private, public sectors to submit data security incident reports | Inquirer Business

NPC wants private, public sectors to submit data security incident reports

/ 04:12 PM January 05, 2018

SMALL firms need to protect their data, customers and money against ever-present online threats. INQUIRER stock photo

The National Privacy Commission (NPC) wants companies and government agencies to submit a report on security incidents that have affected the personal data of their consumers, even if these incidents were unsuccessful.

In a statement, the NPC said it is requiring “personal information controllers” (PICs) in both the public and private sector to submit an annual security incident report. The commission opened the submissions on January 3, keeping it open up to the end of March.


According to the implementing rules and regulations of the Data Privacy Act, a personal information controller controls the processing of personal data, or instructs someone else to process the data on its behalf.


The annual report is supposed to contain information on the security incidents that affect personal data under a PIC’s control, including the number of security incidents that affect personal data in each calendar year.

NPC said that PICs must document adverse events that have an impact on the availability, integrity, or confidentiality of personal data, even if these adverse events were unsuccessful.

These so-called adverse events range from data breaches to “brute force” attacks in databases. The report, however, does not include cyberattacks that reveal industrial secrets that do not involve the processing of personal data.

Privacy Commissioner and Chairman Raymund Enriquez Liboro said the more than three-month window is meant to give PICs ample time to prepare a complete report.

“These reports are an essential signpost of any PIC’s commitment to protecting the personal data of its customers and employees. I encourage the PICs concerned to check the NPC website for further guidance,” Liboro said.

“When properly collated, the data becomes an invaluable management resource that enables a PIC to assess its reaction time for every crucial event,” he added, noting that it would provide information on details surrounding security incidents, from their discovery to the deployment of necessary contingency measures.  /jpv

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

TAGS: Business, data, Data Privacy Act, NPC

© Copyright 1997-2024 | All Rights Reserved

We use cookies to ensure you get the best experience on our website. By continuing, you are agreeing to our use of cookies. To find out more, please click this link.