Jun 26, 20183 minNPC clarifies reporting requirements with Advisory No. 2018-01[ETA: The NPC has released the updated/revised guidelines. Here's the link to the issuance.] Earlier this week, the National Privacy Commission released NPC Advisory No. 2018-01 (Guidelines on Security Incident and Personal Data Breach Reportorial Requirements). The issuance has disappeared from the NPC website. I'll be adding a link to it when it goes back up. The Guidelines provided templates for the NPC’s reporting requirements: Summary of Annual Security Incident and Pers
Feb 28, 20181 minNew deadline to be set for the annual report of security incidentsAt last night's meeting KnowledgeNet meeting of the local chapter of the International Association of Privacy Professionals (IAPP), Deputy Commissioner Leandro Angelo Aguirre of the National Privacy Commission announced that submission of the annual report of security incidents will be postponed to a later date. The move comes after the NPC received a lot of queries on the nature of security incidents to be included in the report. The NPC earlier issued a press release detail
Nov 2, 20171 minDrafting privacy notices and consent formsThe end of the year comes in a few weeks. After that, I expect that Data Privacy compliance once again shifts into high gear as companies work toward completion of their respective registrations with the National Privacy Commission. I am sure that, by now, there is much awareness of the next deadline from the NPC coming up: March 8 is the last day for registration of your personal data processing systems. Registration of the personal data processing systems is just one of the
Aug 2, 20173 minWhat you should know before choosing a DPOHave your company named its Data Protection Officer (DPO)? I realize that many companies are in a quandary on who to pick as the DPO. The Data Protection Act, as well as the National Privacy Commission’s (NPC) Advisory No. 2017-01 on the designation of Data Protection Officers, describes the responsibilities of the DPO but only specifies general qualifications for the job (i.e., “expertise in the relevant privacy or data protection policies and practices”). “Should the DPO be