Announcement

CALL FOR PUBLIC INPUT

Guidelines on Biometric Data

The Data Privacy Act of 2012 (DPA) mandates the National Privacy Commission (NPC) to monitor the country’s compliance with international standards for data protection. Pursuant to this mandate, the NPC is currently crafting an issuance on biometric data.

The NPC wants to hear from you.

To create responsive regulations, the NPC requests inputs on your experiences, issues, and concerns on the processing of biometric data, which is broadly understood to be personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person which allow or confirm the unique identification of that natural person, such as but not limited to, facial image, voice pattern, keystroke dynamic, fingerprint, and palm print.

The submission of concrete examples and use cases detailing these issues will be greatly appreciated. Your contributions will truly help in the creation of sound policies in the furtherance of the right to data privacy in the country.

You may submit your comments, recommendations, and papers to [email protected] until 30 May 2025 with the following subject: “Call for Public Input – Biometric Data”

We look forward to your responses. Thank you.

Do you have

COMPLIANCE, REGISTRATION, BREACH, INCIDENT REPORT

related concerns?

For registration related inquiries, you may reach us through email at [email protected]

For system [NPCRS] related inquiries, please email us at [email protected]

For Breach Notification and Annual Security Incident Report related inquiries, please email us at [email protected]

DATA PRIVACY COMPETENCY PROGRAM ANIMATED VIDEOS

Under the Data Privacy Competency Program, the National Privacy Commission (NPC) released a series of animated videos that break down data privacy concepts and principles into bite-sized and easy-to-understand pieces. The videos are available in English, Tagalog, and Bisaya.

All videos are free for personal and educational use. You may access them here.

The deadline for the submission of the 2024 Annual Security Incident Report (“ASIR”)

The deadline for the submission of the 2024 Annual Security Incident Report (“ASIR”) is on 31 March 2025. All Personal Information Controllers and Processors (PIC/PIPs) are required to submit their ASIR regardless of their classification on the registration requirement under NPC Circular No. 2022-04.

Please note that ASIR can no longer be updated nor edited once submitted through the Data Breach Notification Management System (DBNMS). If uncertain with the information to be included, use the “Save as Draft” option.

If there is an error in the submitted ASIR, request to delete said report by sending an email to [email protected]. Once deleted, proceed to “Create a new report”.

The submission of ASIR shall only be through the DBNMS. Any other modes of submissions shall not be considered valid.

For concerns relating to the DBNMS, please email [email protected].

NPC Advisory 2024-04: Guidelines on the Application of Republic Act No. 10173 or the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and the Issuances of the Commission to Artificial Intelligence Systems Processing Personal Data

The National Privacy Commission (NPC) issued NPC Advisory No. 2024-04 which provides guidelines on artificial intelligence systems processing personal data.

For more information, you may access the Advisory here.

NPC Advisory 2024-03: Guidelines on Child-Oriented Transparency

The National Privacy Commission (NPC) issued NPC Advisory No. 2024-03 which provides guidelines on child-oriented transparency.

For more information, you may access the Advisory here.

For additional guidance, FAQs are available here.

NOTICE OF PUBLIC CONSULTATION: DRAFT NPC CIRCULARS ON THE PHILIPPINE PRIVACY MARK CERTIFICATION PROGRAM

Concerned organizations, stakeholders, and other interested parties are invited to submit their valuable inputs regarding the new draft circulars to be implemented by the National Privacy Commission (NPC).

To access the draft NPC Circulars on the Philippine Privacy Mark (PPM) Certification Program, please access the following:

1. Certification Scheme for Certification Bodies
2. Certification Scheme for Applicant Organizations
3. Criteria for Data Protection and Privacy Management Systems (DPPMS)

These draft circulars aim to provide guidelines and requirements both for certification bodies and applicant organizations under the PPM.

The Draft Circular can be accessed at this link:

DIT_Circular-PPM-DPPMS-Requirements

NPC Circular Year Part I

NPC_Circular_PPM-CertSchemePart2

The Commission will conduct a virtual public consultation on 05 December 2024 from 10:00am-12:00pm via MS Team Link.

Please send your comments/suggestions/opinions and other valuable inputs to [email protected] no later than 12 December 2024.

ANNOUNCEMENT ON DATA PRIVACY COMPETENCY PROGRAM

The Data Privacy Foundational Course is focused on the fundamental and operational
aspects of the DPA essential for anyone who seeks to have a better understanding of the DPA and its application to actual situations. An overview of the curriculum is now available here.

A Training Provider must satisfy the general requirements provided in Section 5 of NPC Circular 2023-02. It must also have appointed a Data Protection Officer (DPO) and registered its DPO and Data Processing Systems, if any, with the NPC. An updated copy of the Training Provider Application Form is available here.

Interested and qualified Training Providers for the Data Privacy Foundational Course may submit the accomplished Training Provider Application Form and supporting documents to the NPC (General Records Unit) beginning 15 May 2024. Please address your submission to the Data Privacy Competency Program Committee (DPCPC).

For questions, please contact us at [email protected]

.

ANNOUNCEMENT ON RENEWAL OF NPCRS REGISTRATION

All Data Protection Officers (DPOs) are advised to monitor their NPCRS platform for
notifications on their renewal. Notifications in the NPCRS are triggered thirty (30) days before expiration of
current registration. As such, all Personal Information Controllers (PICs), Personal Information Processors
(PIPs), and Individual Professionals should endeavor to renew their registration within the 30-day period to
avoid erasure of the details of their prior registration from the system.

Submission through email, personal filing, ordinary mail, licensed courier service
and other mode of physical submission shall not be considered valid.

For registration related inquiries, you may reach us through email at [email protected]

For system [NPCRS] related inquiries, please email us at [email protected]

Compliance and Monitoring Division

WARNING
AGAINST MISREPRESENTATION AND FALSE INFORMATION IN DATA PROCESSING SYSTEM REGISTRATION

Online payment on fees and
charges

Service Request and Assessment Form for the
Schedule of Fees and Charges of the National Privacy Commission

ANNOUNCEMENT ON DPS REGISTRATION

With the launch of the National Privacy Commission Registration System (“NPCRS”) and the effectivity of NPC Circular No. 2022-04 on 11 January 2023, the Commission will no longer accept new registration, amendments, and renewal of registration except through the NPCRS portal.

Submission through email, personal filing, ordinary mail, licensed courier service and other mode of physical submission shall NOT be considered valid.

NPC Circular No. 2022-04 can be accessed through this Link

All PICs/PIPs are directed to create an account, through its Data Protection Officer, and register Data Processing Systems at Link.

For registration related inquiries, you may reach the us through email at [email protected]

For system [NPCRS] related inquiries, please email us at [email protected]

Compliance and Monitoring Division

ACCEPTANCE OF THE PRINTED EPHILID AS VALID PROOF OF IDENTITY AND AGE IN ALL SERVICES
OF THE NATIONAL PRIVACY COMMISSION

The National Privacy Commission accepts the various formats of the PhilSys digital
ID, including the printed ePhilID, as a valid and sufficient proof of identity and age subject to authentication
through the PhilSys Check. Please refer to the Philippine
Statistics Authority Public Advisory dated 30 September 2022 and a sample
of the official format of the printed ePhilID for reference.

Announcement regarding the submission of Personal Data Breach
Notifications (PDBN) and Annual Security Incident Reports (ASIR)

With the launch of the DBNMS, the NPC will no longer accept Breach Notification and
Annual Security Incident Report submissions except through the DBNMS online platform. Thus, submissions through
email, personal filing, ordinary mail, licensed courier service, and any other mode of physical submission shall
not be considered as valid.

All Personal Data Breach Notifications and Annual Security Incident Reports shall be
submitted through https://dbnms.privacy.gov.ph .

See the Guidelines on the Issuance of Certificate of Pending/No Pending Case here
and the Request for Certificate of Pending/No Pending Case Form here.

Send your requests to [email protected]
with the subject "CPNPC Request_<name of entity/individual>"

Advisory on modified in-person or face-to-face hearing of cases for all parties with
pending hearings with the NPC download here

There is an easier and safer way to file your complaints before the National Privacy
Commission through the improved COMPLAINTS-ASSISTED FORM (CAF). Download the new version of the form here. Do not forget to attach a copy of your supporting documents.

For inquiries, email us at [email protected]

For complaints, send your complaints-assisted form to [email protected]