Data breach reporting system up and running

THE NATIONAL Privacy Commission (NPC) said it has launched a reporting system for data breaches that facilitates notifications in instances where data has been compromised.

In a statement, the NPC said the system, called the Data Breach Notification Management System (DBNMS), was launched on April 20. The system aids personal information controllers (PICs) in submitting annual security incident reports and personal data breach notifications as required by NPC Circular No. 16-03.

“The DBNMS addresses the limitations of manual submission and processing, as well as increases public transparency by allowing PICs to access pertinent and real-time information on their data breach notification,” the NPC said.

Privacy Commissioner John Henry D. Naga said that the data privacy efforts go “hand-in-hand with embracing emerging technologies that will revolutionize data privacy and protection. Hence, the NPC continuously adopts and implements digitization of our processes to efficiently achieve our objectives.”  

Following the launch of the DBNMS, the NPC said it will no longer accept Breach Notification and Annual Security Incident Reports via e-mail, personal filing, ordinary mail, licensed courier service, and other mode of physical submission.

The commission added that a PIC, including those with multiple branches or offices, can only have one account in the online system.

“If the PIC has other related companies or entities, each company or entity must register in the system under separate accounts. The company or entity is responsible for maintaining and submitting its reporting requirements to the NPC,” it said. —  Revin Mikhael D. Ochave