Philippines: Adopted Personal Data Breach Management Circular (NPC Circular 16-03)

On 10 October 2016, the National Privacy Commission adopted the Personal Data Breach Management Circular (NPC Circular 16-03). The circular outlines guidelines for managing personal data breaches, focusing on prevention, incident response, and notification procedures. It mandates the creation and implementation of a Security Incident Management Policy by personal information controllers or processors, including the establishment of a data breach response team with clear responsibilities and the implementation of security measures to prevent breaches. Additionally, it requires incident response policies for timely discovery, assessment, and notification to the Commission and affected data subjects.