Philippines: Implemented NPC Circular 16-03 on Personal Data Breach Management

On 5 October 2018, the Circular 16-03 on Personal Data Breach Management entered into force. The Guideline is applicable to any personal data processor who is subject to the Data Privacy Act of 2012 (Republic Act No. 10173). The Guidelines prescribe the data processor to implement a Security Incident Management Policy as well as a data breach response team in order to ensure a quick reaction to a data breach. Further, the Guidelines define preventive and security measures that could be implemented as well as policies and procedures after a data breach has occurred. Additionally, the Guidelines define when a notification to the National Privacy Commission or the data subjects is necessary.