Philippines: Adopted NPC Circular 16-03 on Personal Data Breach Management

On 20 September 2018, the Philippine National Privacy Commission (NPC) adopted the Circular 16-03 on Personal Data Breach Management. The Guideline is applicable to any personal data processor who is subject to the Data Privacy Act of 2012 (Republic Act No. 10173). The Guidelines prescribe the data processor to implement a Security Incident Management Policy as well as a data breach response team in order to ensure a quick reaction to a data breach. Further, the Guidelines define preventive and security measures that could be implemented as well as policies and procedures after a data breach has occurred. Additionally, the Guidelines define when a notification to the National Privacy Commission or the data subjects is necessary. The Guideline enters into effect 15 days after its publication in the Official Gazette.