Deadline for Annual Reports of security incidents set for 31 March 2018
This just in from the National Privacy Commission (hat tip to Newsbytes.PH [http://newsbytes.ph/2018/01/04/npc-sets-march-deadline-for-2017-security-incident-report/]): The deadline for the submission of the annual security incident report is on 31 March 2018. Reports are submitted via email to email@example.com.
In case you're wondering what that report is, Section 46 (c) of the Data Privacy Act's Implementing Rules and Regulations requires personal information controllers to document and record personal data breaches and security incidents. The annual report consists of a summary of the documented data breaches and security incidents. I haven't seen a format of the report yet, and the NPC website (privacy.gov.ph) appears to be down at the moment (that is, around 4PM of 04 January).
With this latest pronouncement of the NPC, it looks like March will be a busy month for Data Protection Officers across the country. You may recall that the deadline set for the registration of personal data processing systems is 08 March 2018. Aside from NPC Circular No. 2017-01 issued in July 2017, the NPC has not given additional guidelines/information on the registration. There is also no word yet when the registration portal will become available (though the NPC earlier said that registration via the portal will start in January 2018).
Update: Here is the NPC's press release on the submission. The press release goes into further detail on the definition of "security incidents."
Will keep you posted when I learn more.