SEC bats for data privacy, cyber security compliance | Inquirer Business

SEC bats for data privacy, cyber security compliance

/ 10:35 AM October 10, 2018

 

The SEC has written to the Philippine Stock Exchange (PSE) and the Philippine Dealing & Exchange Corp. (PDEx) to “remind all market participants of the requirements of data privacy and data protection regulations which may have an impact on the business processes of private entities, including capital market participants.”

These entities were required to submit compliance report within 30 days, based on a letter dated Oct. 5 issued by SEC director Vicente Graciano Felizmenio Jr.

Trading participants and other stakeholders of the PSE were likewise required to submit such compliance report.

Article continues after this advertisement

This comes on the heels of reports that the U.S. SEC was now running after firms with deficient cybersecurity systems alongside the report of data breach at the online store of broadcasting giant ABS-CBN.

FEATURED STORIES

The Data Privacy Act of 2012 aims to protect personal data in the information and communication systems, both in the government and the private sector. It mandates entities or organizations processing personal data to establish polices and implement measures that guarantee the safety and security of personal data under their control or custody.

Personal information controllers or personal information processors that employ more than 250 persons are required to register with the National Privacy Commission.  Also required to register are those that have less than 250 employees but whose processing of information includes sensitive personal information of at least 1,000 individuals and likely to pose a risk to the rights and freedom of data subjects.

Article continues after this advertisement

These entities are also expected to produce a privacy manual and institute a privacy management program as part of their corporate governance responsibilities.

Article continues after this advertisement

Under the Securities Regulation Code, the SEC also noted that market participants were mandated to put in place a comprehensive information technology (IT) plan.  They are likewise required subject their IT, trading, business continuity, disaster recovery and risk management systems to a regular review and audit by an independent firm.

Article continues after this advertisement

These requirements are designed to ensure that trading in the market are efficient, not interrupted and not susceptible to glitches.

The SEC added that it would likewise want to ensure protection of personal and other data against any accidental or unlawful destruction, alteration and disclosure, and against any other unlawful processing.  /muf

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

TAGS: Business, data security, National Privacy Commission, pdex, Philippine news, PSE, SEC

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.