On April 20, 2022, the NPC launched its Data Breach Notification and Management System (DBNMS) which it hailed as "a user-friendly interface that facilitates easy tracking and faster submission of Personal Data Breach Notifications (PDBNs) and Annual Security Incident Reports (ASIRs)" in accordance with NPC Circular No. 16-03.
Data Breach Notification and Management System
The DBNMS provides for an assessment aid for PICs and PIPs to determine whether they are subject to mandatory data breach notification.
/p>
The main functionality of the DBNMS is to facilitate the submission of PDBNs.
ASIRs should also be submitted through the DBNMS.
Considering the accessibility of the platform, PICs and PIPs
must submit ASIR, even for nil reporting. The presumption that
there is no security incident to report that previously arose from
non-submission of the ASIR no longer applies. The deadline for the
submission of ASIRs for the years 2018 to 2021 is on October 31,
2022, while 2022 ASIRs must be submitted by March 31, 2023. With
the roll-out of the online platform, NPC will only accept PDBNs and
ASIRs through the DBMNS. Submissions through email, personal
filing, ordinary mail, licensed courier service, and any other mode
of physical submission are no longer considered as valid.
National Privacy Commission Registration
System
On February 3, 2023, the NPCRS, an online platform for private and government entities to register their DPS, went live pursuant to NPC Circular No. 2022-04.
Under NPC Circular No. 2022-04, the two-phased process under NPC Circular No. 17-01 was abolished and registration is now a single process to include both the registration of the Data Protection Officer (DPO) and the registration of the DPS. All information (not otherwise tagged as optional) and all supporting documents must be submitted during registration. There is no facility to save a registration as a draft and return to it at a later time.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.