741
Total Personal Breach Notifications
from Year 2022 to August 2024
115
Reports
86
Reports
35
Reports
GOVERNMENT (55)
OTHERS (25)
EDUCATION (21)
FINANCIAL SERVICE ACTIVITIES (21)
MANPOWER AGENCIES (17)
GOVERNMENT (53)
FINANCIAL SERVICE ACTIVITIES (49)
RETAIL/TRADE (28)
EDUCATION (20)
HEALTHCARE FACILITIES (20)
With the rapid evolution of technology, threats to personal data are also rising at an alarming rate. It is becoming quite common as headlines that private and government entities suffered a data breach. As personal data breaches and security incidents comes with digitalization, fortification of our cyber defenses and ensuring that our personal data and sensitive personal data is protected should be the top priority. One of the most important factors to consider is to protect user credentials through secure and appropriate user authentication methods.
Authentication is the process of verifying someone’s identity using different techniques. There are three authentication factors:
Using only one of these methods to authenticate is called Single Factor Authentication. For example, when a person can access his/her Facebook account using only his/her password, then his/her identity is verified using only Single Factor Authentication. However, if a person uses a combination of the three authentication factors, he or she is using Multifactor Authentication (MFA).
Multifactor Authentication requires the user to use the three authentication factors. For example, to login, the employee will need to input his/her password (something you know). After the password is verified, the user will then have to scan his/her fingerprint (something you are). Finally, once the user’s password and biometric information was verified by the system, the employee will have to input his/her hardware authentication device in the USB port (something you have). Only then will the employee be able to login and use the resources of the company that he/she has authorization to use.
Of the three methods, Single Factor Authentication, Two Factor Authentication, Multifactor Authentication, the latter is considered the most secure and should be implemented by organizations especially those that process high volumes of personal data.
“We wish to congratulate the National Privacy Commission (the “Commission”) in launching and implementing its Data Breach Notification Management System (“DBNMS”). Personal data breaches are among the top concerns of Personal Information Controllers (“PICs”), especially considering the severe impact it has on the data subjects and the business. Hence, having a system to facilitate the swift submission of critical breach-related information is certainly a boon, as it permits the Commission to quickly and efficiently respond to such reports. Moreover, by making breach notifications less daunting through an organized, accessible, and easy to understand portal, the Commission, through the DBNMS, encourages entities of all sizes to comply—regardless of whether they’re an organization with robust resources dedicated to privacy management or an individual professional processing personal data. At any rate, we believe that the DBNMS is a testament to the Commission’s desire to be a partner to the PICs and a stalwart defender of the Filipinos’ privacy rights. Once again, we congratulate the Commission on this pivotal achievement.”
Atty. Roberto Miguel O. Raneses
Data Protection Officer
DITO Telecommunity
“We wish to congratulate the National Privacy Commission (the “Commission”) in launching and implementing its Data Breach Notification Management System (“DBNMS”). Personal data breaches are among the top concerns of Personal Information Controllers (“PICs”), especially considering the severe impact it has on the data subjects and the business. Hence, having a system to facilitate the swift submission of critical breach-related information is certainly a boon, as it permits the Commission to quickly and efficiently respond to such reports. Moreover, by making breach notifications less daunting through an organized, accessible, and easy to understand portal, the Commission, through the DBNMS, encourages entities of all sizes to comply—regardless of whether they’re an organization with robust resources dedicated to privacy management or an individual professional processing personal data. At any rate, we believe that the DBNMS is a testament to the Commission’s desire to be a partner to the PICs and a stalwart defender of the Filipinos’ privacy rights. Once again, we congratulate the Commission on this pivotal achievement.”
The DBMS dashboard is a great tool for annual security incident reporting, as it provides a snapshot or a visual overview of our incidents. Reporting of data breaches and security incidents is streamlined, as one is able to encode all the required information in one go. Prior to the DBMS being available, reports are manually prepared and emailed to the NPC; this method lacked the necessary real-time checks, to ensure compliance with all required and relevant elements. With the DBMS, a DPO is aptly guided, and all requirements or information for a report will surely be present. Moreover, the receipt of the report by the commission is documented and the status of any reports filed can be clearly tracked.
One standout feature is the system’s pre-defined worksheet/questionnaire helping one to assess whether a data security incident warrants mandatory reporting. For a DPO, accurate incident assessment is paramount, and the user-friendly questionnaire walks us through the incident details, prompting us to consider crucial factors that influence reporting decisions. This is a great “sanity check” for any DPO, ensuring that we can objectively examine incidents and align perfectly with our compliance objectives.
We commend the NPC for doing their best to support the compliance programs of companies, and subsequently providing tools to streamline reporting obligations. In today’s environment, where security breaches and data incidents can have far-reaching implications, we are grateful for a system that not only simplifies the reporting process but empowers us to uphold the highest standards of data protection.”
Irene Isidoro-Torres
Data Protection Officer
LBC Express, Inc.
Representative, Transport and Logistics, DPC
"I would like to congratulate the National Privacy Commission (NPC) and the Compliance and Monitoring Division (CMD) for the successful development and implementation of the Data Breach Notification Management System (DBNMS). The DBNMS serves as the pioneering platform of NPC applying privacy-by-design and privacy engineering in its software development lifecycle. The system’s rapid response during breach reporting, detailed breach analysis, and interactive communication capabilities have proven very useful for personal information controllers in the country."
Damian Domingo Mapa
Regional Data Protection Officer, Director
APAC Chief Privacy Office
CITI
“I wish to congratulate the National Privacy Commission (NPC) on the inclusion of your program, Data Breach Notification Management System (DBNMS), as a nominee in the Global Privacy Assembly Awards.
The DBNMS, a user-friendly interface that facilitates easy tracking and faster submission of Personal Data Breach Notifications (PDBN) and Annual Security Incident Reports (ASIR), is a laudable initiative of the NPC to make its processes more efficient through digitization. The system addresses the limitations of manual submission and processing and increases public transparency as it allows personal information controllers (PICs) to access pertinent and real-time information on their data breach notification.
This is a good example of harnessing the benefits of emerging technologies to better serve the people. The program’s inclusion in the Global Privacy Assembly Awards is a testament to its noteworthiness. I hope it will be the eventual winner. Congratulations and more power to the National Privacy Commission!"
Anna Mae Y. Lamentillo
Undersecretary for Public Affairs and Foreign Relations
Department of Information and Communications Technology
"DBMNS is very convenient for us users (DPOs). The platform allows us to easily connect with the National Privacy Commission (NPC) and the interface is user friendly and easy to use, especially in complying with the Annual Security Incident Report, with just a few clicks of a button you can easily comply with the annual reportorial requirement. With the DBNMS, complying with the requirements of the National Privacy Commission feels just like a breeze!""
Josue Obelidor
Data Protection Officer
Far Eastern University - Dr. Nicanor Reyes Medical Foundation (FEU-NRMF)
"Using the Data Breach Notification Management System (DBNMS) of the National Privacy Commission has truly transformed my role as a Data Protection Officer. It guides me through the complex process of complying with the reportorial requirements of the Data Privacy Act of 2012 especially with the submission of the Annual Security Incident Reports. With just a few clicks, I can efficiently comply.
This system also ensures that I stay on the right side of the law by helping me meet legal requirements for reportorial requirements. It's a sigh of relief knowing I can avoid fines and keep our organization's reputation intact with God’s help.
Beyond its legal benefits, the system has elevated our data protection practices. This proactive approach helps prevent future breaches and strengthens our overall data protection strategy. Being a Data Protection Officer has never been so empowering, thanks to this user-friendly and efficient system that supports our commitment to privacy and security."
Dr. Sharene Labung
DPO -La Verdad Christian College, Inc./DPO -MCGI
“The NPC Data Breach Management Notification System is a breakthrough project for the NPC. Since its launch in 2022, Organizations and Agencies were able to not only easily report a breach in compliance with the law, but as well as help their own Data Privacy teams in assessing security incidents through self-assessment. Having an automated system for reporting data breach helps organizations keep track of security incidents as part of good governance practice and helps protect data subjects in getting timely notification when needed. This initiative has definitely been a welcome innovation and receipt of efficient and ethical public service.”
Numeriano Hernandez, Jr.
DPO – Security Bank
“I am very proud that the Data Breach Notification Management System (DBNMS) of the National Privacy Commission has been shortlisted as a candidate for the Best in Innovation Awards Category of the Global Privacy Assembly.
The implementation of this new DBNM system made one of the compliance and monitoring requirements of an organization easy and real time. The mandatory requirement to submit annual security incident and data breach is now online and can be done anytime, anywhere and with any computer device. This supports the new work arrangements of DPOs who have been on work-from-home or flexible work arrangements during the pandemic up to this time. The system which also provided real-time reporting of data breach which falls under mandatory reporting is an efficient tool provided by NPC to receive on real-time reports, provide immediate feedback to the DPO’s registered email address, through the same system. Communication is between the NPC and the DPO who reported a data breach is through the system, thus we both just have to look at one system.
The system is easy to use, as it provides the list of security incidents and data breaches which may be encountered, thus we, DPOs can use such as our reference in monitoring our incidents and breach on a regular basis, and not just on an annual basis.
As a DPO, this system is one of the innovative tools provided by the NPC, and we would like to commend this and the NPC. We strongly commend the DBNMS to merit the award “Best in Innovation,” as it is well-deserved.
Congratulations to the NPC!”
Gelalyn V. Boquiren
Group Data Protection Officer
San Miguel Corporation
I would like to congratulate the National Privacy Commission (NPC) and the Compliance and Monitoring Division (CMD) for the successful development and implementation of the Data Breach Notification Management System (DBNMS). The DBNMS serves as the pioneering platform of NPC applying privacy-by-design and privacy engineering in its software development lifecycle. The system’s rapid response during breach reporting, detailed breach analysis, and interactive communication capabilities have proven very useful for personal information controllers in the country.
Damian Domingo Mapa
Regional Data Protection Officer, Director
APAC Chief Privacy Office
CITI
DBMNS is very convenient for us users (DPOs). The platform allows us to easily connect with the National Privacy Commission (NPC) and the interface is user friendly and easy to use, especially in complying with the Annual Security Incident Report, with just a few clicks of a button you can easily comply with the annual reportorial requirement.
With the DBNMS, complying with the requirements of the National Privacy Commission feels just like a breeze!
Josue Obelidor
Data Protection Officer
Far Eastern University - Dr. Nicanor Reyes Medical Foundation (FEU-NRMF)
Using the Data Breach Notification Management System (DBNMS) of the National Privacy Commission has truly transformed my role as a Data Protection Officer. It guides me through the complex process of complying with the reportorial requirements of the Data Privacy Act of 2012 especially with the submission of the Annual Security Incident Reports. With just a few clicks, I can efficiently comply.
This system also ensures that I stay on the right side of the law by helping me meet legal requirements for reportorial requirements. It's a sigh of relief knowing I can avoid fines and keep our organization's reputation intact with God’s help.
Beyond its legal benefits, the system has elevated our data protection practices. This proactive approach helps prevent future breaches and strengthens our overall data protection strategy. Being a Data Protection Officer has never been so empowering, thanks to this user-friendly and efficient system that supports our commitment to privacy and security.
Dr. Sharene Labung
DPO -La Verdad Christian College, Inc./DPO -MCGI
“The NPC Data Breach Management Notification System is a breakthrough project for the NPC. Since its launch in 2022, Organizations and Agencies were able to not only easily report a breach in compliance with the law, but as well as help their own Data Privacy teams in assessing security incidents through self-assessment. Having an automated system for reporting data breach helps organizations keep track of security incidents as part of good governance practice and helps protect data subjects in getting timely notification when needed. This initiative has definitely been a welcome innovation and receipt of efficient and ethical public service.”
Atty. Numeriano Hernandez, Jr.
Data Protection Officer
Security Bank
“I am very proud that the Data Breach Notification Management System (DBNMS) of the National Privacy Commission has been shortlisted as a candidate for the Best in Innovation Awards Category of the Global Privacy Assembly.
The implementation of this new DBNM system made one of the compliance and monitoring requirements of an organization easy and real time. The mandatory requirement to submit annual security incident and data breach is now online and can be done anytime, anywhere and with any computer device. This supports the new work arrangements of DPOs who have been on work-from-home or flexible work arrangements during the pandemic up to this time. The system which also provided real-time reporting of data breach which falls under mandatory reporting is an efficient tool provided by NPC to receive on real-time reports, provide immediate feedback to the DPO’s registered email address, through the same system. Communication is between the NPC and the DPO who reported a data breach is through the system, thus we both just have to look at one system.
The system is easy to use, as it provides the list of security incidents and data breaches which may be encountered, thus we, DPOs can use such as our reference in monitoring our incidents and breach on a regular basis, and not just on an annual basis.
As a DPO, this system is one of the innovative tools provided by the NPC, and we would like to commend this and the NPC. We strongly commend the DBNMS to merit the award “Best in Innovation,” as it is well-deserved.
Congratulations to the NPC!”
Gelalyn V. Boquiren
Group Data Protection Officer
San Miguel Corporation
“We wish to congratulate the National Privacy Commission (the “Commission”) in launching and implementing its Data Breach Notification Management System (“DBNMS”). Personal data breaches are among the top concerns of Personal Information Controllers (“PICs”), especially considering the severe impact it has on the data subjects and the business. Hence, having a system to facilitate the swift submission of critical breach-related information is certainly a boon, as it permits the Commission to quickly and efficiently respond to such reports. Moreover, by making breach notifications less daunting through an organized, accessible, and easy to understand portal, the Commission, through the DBNMS, encourages entities of all sizes to comply—regardless of whether they’re an organization with robust resources dedicated to privacy management or an individual professional processing personal data. At any rate, we believe that the DBNMS is a testament to the Commission’s desire to be a partner to the PICs and a stalwart defender of the Filipinos’ privacy rights. Once again, we congratulate the Commission on this pivotal achievement.”
Atty. Roberto Miguel O. Raneses
Data Protection Officer
DITO Telecommunity
“I wish to congratulate the National Privacy Commission (NPC) on the inclusion of your program, Data Breach Notification Management System (DBNMS), as a nominee in the Global Privacy Assembly Awards.
The DBNMS, a user-friendly interface that facilitates easy tracking and faster submission of Personal Data Breach Notifications (PDBN) and Annual Security Incident Reports (ASIR), is a laudable initiative of the NPC to make its processes more efficient through digitization. The system addresses the limitations of manual submission and processing and increases public transparency as it allows personal information controllers (PICs) to access pertinent and real-time information on their data breach notification.
This is a good example of harnessing the benefits of emerging technologies to better serve the people. The program’s inclusion in the Global Privacy Assembly Awards is a testament to its noteworthiness. I hope it will be the eventual winner. Congratulations and more power to the National Privacy Commission!"
Anna Mae Y. Lamentillo
Undersecretary for Public Affairs and Foreign Relations
Department of Information and Communications Technology
“As a Data Protection Officer (DPO), navigating the complex realm of DPA compliance continuously poses challenges. We are grateful to the National Privacy Commission’s (NPC) Data Management System (DBMS), which has significantly lightened our load, and has made incident reporting less daunting.
The DBMS dashboard is a great tool for annual security incident reporting, as it provides a snapshot or a visual overview of our incidents. Reporting of data breaches and security incidents is streamlined, as one is able to encode all the required information in one go. Prior to the DBMS being available, reports are manually prepared and emailed to the NPC; this method lacked the necessary real-time checks, to ensure compliance with all required and relevant elements. With the DBMS, a DPO is aptly guided, and all requirements or information for a report will surely be present. Moreover, the receipt of the report by the commission is documented and the status of any reports filed can be clearly tracked.
One standout feature is the system’s pre-defined worksheet/questionnaire helping one to assess whether a data security incident warrants mandatory reporting. For a DPO, accurate incident assessment is paramount, and the user-friendly questionnaire walks us through the incident details, prompting us to consider crucial factors that influence reporting decisions. This is a great “sanity check” for any DPO, ensuring that we can objectively examine incidents and align perfectly with our compliance objectives.
We commend the NPC for doing their best to support the compliance programs of companies, and subsequently providing tools to streamline reporting obligations. In today’s environment, where security breaches and data incidents can have far-reaching implications, we are grateful for a system that not only simplifies the reporting process but empowers us to uphold the highest standards of data protection.”
Irene Isidoro-Torres
Data Protection Officer
LBC Express, Inc.
Representative, Transport and Logistics, DPC
“As a Data Protection Officer, the DBNMS of the Philippines’ National Privacy Commission is a very welcome innovation. The system is very easy to use and data are received real-time. I especially like self-assessment feature where one can easily check if an incident falls under the Commission’s mandatory reporting. Good for the environment, too since we no longer have to travel or send reports by mail. Good job, NPC!”
Sharon T. So
Data Protection Officer
2GO Express, Inc.
TAL Sector Vice Representative
“Through the DBNMS, the DILG has a peace of mind in reporting such incidences as it streamlines the process seamlessly. The DBNMS enables us to report any data breach cases within less than 72 hours upon discovery thereby ensuring immediate action containing any data breach and saving us time in foregoing any extra paperwork that can potentially cause delays and risks for the exposure of data. We now face the challenges of the privacy landscape in bringing confidence and faith in the DBNMS as our powerful tool in protecting our data.
Together with the help of the NPC, the DILG can assure that we are able to safeguard your data. The DILG extends its highest praises to the NPC for this innovation in the field of data privacy.
Rest assured we will remain 100% supportive in the NPC’s endeavors in championing the Philippine Data Privacy Act of 2012”
Francisco Cruz, Assistant Secretary for Plans and Programs, DILG.
“The DBNMS has enabled a simpler and faster method of data breach reporting and our annual security incident. It has also provided a transparent way to access pertinent and real time information for any data breach notification that the company may make. So with, that I wish all the National Privacy Commission team thank you for this simpler way of submitting breach notifications.”
Juan Sotero T. Roman
Data Privacy Officer
FWD
“The implementation of this system has not only enhanced our organization’s security measures but it has also significantly improved my ability to safeguard sensitive data and uphold the highest standard of data protection. As the DPO, my foremost responsibility is to ensure that our organization complies with data protection laws and regulations. The DBNMS has become an invaluable tool in this pursuit. This system has definitely simplified the process for PICs to submit Personal Data Breach Notifications and Annual Security Incident Reports. The system also adopts a user-friendly interface to increase public transparency with real-time information on data breach notifications. The DBNMS also address the limitations in the old system of manual submissions and processing.”
Cecelia A. Mercado
Data Protection Officer
Saint Louis University
“I remember during our ISO Audit, when we showed our auditor the DBNMS and walked him through how it works. Being his first Philippine Client, he was quite amused with this kind of innovation, that we no longer have to think our emails to client communications, we and NPC relating to incident notification, because all incident notification and subsequent communication can be done via the DBNMS. We also showed him how to file a data breach notification, by PIC’s filling out the data breach notification form, and within the form, the risk of unintentional omission of relevant medias about an incident is thereby reduced.”
JC Retardo
Data Protection Officer
Maya
“With the online service offered by the DBNMS, particularly the self-assessment test facility for establishing the requirement for mandatory reporting, any such regulatory ambiguity is removed, allowing affected organizations to move perfectly comply with the in law and move forward more confidently in dealing with incidents.”
Jonathan John Paz
EISO and DPO
Bank of the Philippine Islands
“As Data Protection Officer, I can attest that your Data Breach Notification Management System or DBNMS is a highly efficient and user-friendly system that saves and optimizes time. Before the DBNMS, submission of data breach notification and annual security incident reports were quite tedious and very time consuming as they were done manually. Preparing all necessary paperwork was challenging. I had to keep on referring to the circular to find out the documents submitted to be prepared and the information that needs to be submitted. Tracking the status of your submission was another challenge. You have to wait for email notification, or you have to call to know the status. But with the DBNMS, submissions and documents and reports became a lot easier and more efficient because all that a DPO needs to do is to fill up the fields, no more cross referencing with the circular. All information and documents that the DPO needs to submit are already in the form.”
Atty. Jude Romano
Head of External Affairs
Home Credit
“The Data Breach Notification Management System is a huge step in the right direction. Users are now able to easily identify the type of breach or incident (i.e. Mandatory Breach Notification, Voluntary Data Breach Notification, and Other Security Incidents) that they need to report. The security incident list and descriptions also help guide users to classify the security incident type. The inclusion of an editing function post report submission would be ideal for user errors. All in all, this platform will further enable data privacy compliance for organizations.”
Atty. Irish Krystle Alameida
Globe
All Breach Notifications and Annual Security Incident Reports (Annual Security Incident Report (“ASIR”) shall be submitted through the Data Breach Notification Management System (“DBNMS”) online platform (https//dbnms.privacy.gov.ph) . To guide you in navigating the DBNMS, please watch the videos through the links below:
1. How to create DBNMS account
2. How to submit a Personal Data Breach Notification report
3. How to comply with the required documents and information
4. How to submit an Annual Security Incident Report
All content is in the public domain unless otherwise stated.
Learn more about the Philippine government, its structure, how government works and the officials behind it.
GOV.PHMULTI-FACTOR AUTHENTICATION
Multi-factor Authentication (MFA) is a verification process which requires the user to use three authentication factors. It is a combination of three kinds of user authentication consisting of (1) passwords/pincodes, (2) biometrics, and (3) use of an authentication device. MFA is considered currently as the most secured method of authentication.