NPC wants private, public sectors to submit data security incident reports | Inquirer Business

NPC wants private, public sectors to submit data security incident reports

/ 04:12 PM January 05, 2018

SMALL firms need to protect their data, customers and money against ever-present online threats. INQUIRER stock photo

The National Privacy Commission (NPC) wants companies and government agencies to submit a report on security incidents that have affected the personal data of their consumers, even if these incidents were unsuccessful.

In a statement, the NPC said it is requiring “personal information controllers” (PICs) in both the public and private sector to submit an annual security incident report. The commission opened the submissions on January 3, keeping it open up to the end of March.


According to the implementing rules and regulations of the Data Privacy Act, a personal information controller controls the processing of personal data, or instructs someone else to process the data on its behalf.

The annual report is supposed to contain information on the security incidents that affect personal data under a PIC’s control, including the number of security incidents that affect personal data in each calendar year.


NPC said that PICs must document adverse events that have an impact on the availability, integrity, or confidentiality of personal data, even if these adverse events were unsuccessful.

These so-called adverse events range from data breaches to “brute force” attacks in databases. The report, however, does not include cyberattacks that reveal industrial secrets that do not involve the processing of personal data.

Privacy Commissioner and Chairman Raymund Enriquez Liboro said the more than three-month window is meant to give PICs ample time to prepare a complete report.

“These reports are an essential signpost of any PIC’s commitment to protecting the personal data of its customers and employees. I encourage the PICs concerned to check the NPC website for further guidance,” Liboro said.

“When properly collated, the data becomes an invaluable management resource that enables a PIC to assess its reaction time for every crucial event,” he added, noting that it would provide information on details surrounding security incidents, from their discovery to the deployment of necessary contingency measures.  /jpv

Read Next
Don't miss out on the latest news and information.

Subscribe to INQUIRER PLUS to get access to The Philippine Daily Inquirer & other 70+ titles, share up to 5 gadgets, listen to the news, download as early as 4am & share articles on social media. Call 896 6000.

TAGS: Business, data, Data Privacy Act, NPC, PICs
For feedback, complaints, or inquiries, contact us.

Curated business news

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2022 | All Rights Reserved

We use cookies to ensure you get the best experience on our website. By continuing, you are agreeing to our use of cookies. To find out more, please click this link.