Description

Adopted Personal Data Breach Management Circular (NPC Circular 16-03)

On 10 October 2016, the National Privacy Commission adopted the Personal Data Breach Management Circular (NPC Circular 16-03). The circular outlines guidelines for managing personal data breaches, focusing on prevention, incident response, and notification procedures. It mandates the creation and implementation of a Security Incident Management Policy by personal information controllers or processors, including the establishment of a data breach response team with clear responsibilities and the implementation of security measures to prevent breaches. Additionally, it requires incident response policies for timely discovery, assessment, and notification to the Commission and affected data subjects.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2016-10-10
adopted

On 10 October 2016, the National Privacy Commission adopted the Personal Data Breach Management Cir…

2016-11-19
in force

On 19 November 2016, the National Privacy Commission's Personal Data Breach Management Circular (NP…