LATEST UPDATES



Press Statement of Privacy Commissioner Raymund Enriquez Liboro on the President’s Signing of the National ID Law

August 7, 2018

1. President Rodrigo Roa Duterte has signed the National ID law on the 6th of August 2018, creating the Philippine Identification System to improve the delivery of government and other services to the public, especially those who lack government-issued identification cards. 2. The National Privacy Commission supports the proper implementation of this law in accordance […]

READ MORE



5 gov’t. agencies to jointly handle telco consumer complaints

July 6, 2018

The government will launch an all-out, synchronized effort to promptly deal with consumer complaints on telco services such as those involving data privacy violations, text-scams, vanishing load, unauthorized charges, defective product, and denial of subscription plan activation, among others, Privacy Commissioner Raymund Enriquez Liboro said on Friday. Liboro said the National Privacy Commission (NPC) is […]

READ MORE



Celebrate Filipino Data Privacy Rights on Privacy Awareness Week 2018 –NPC

May 10, 2018

In the wake of the recent spate of media reports linked to data breaches and other privacy-related concerns, the National Privacy Commission (NPC) is urging business, government and civil society organizations to participate in the upcoming Privacy Awareness Week (PAW) on May 28 to 31 and publicly commit to the safeguarding of people’s personal data. […]

READ MORE



NPC investigates multiple government website breach

April 24, 2018

1. The National Privacy Commission (NPC) yesterday summoned the management and other responsible officials of seven schools, institutions, and local government units as it investigates data breaches they sustained following an organized attack on government and commercial organizations last April 1, 2018. 2. The privacy body earlier sent notice to top officials of Taguig City […]

READ MORE



NPC opens probe on Facebook

April 13, 2018

The National Privacy Commission (NPC) is opening an investigation on Facebook following Mark Zuckerberg’s admission of the company’s faults in the Cambridge Analytica data scandal that affected Filipino Facebook users. In a formal letter addressed to Zuckerberg, the NPC is requiring Facebook to submit a number of documents relevant to the case, to establish the […]

READ MORE



Joint Press Statement from Privacy Commissioner Raymund Enriquez Liboro and LTFRB Board Member Atty. Aileen Lourdes Lizada

April 6, 2018

1. In the common pursuit of protecting the rights and interests of drivers and the commuting public, the National Privacy Commission (NPC) and the Land Transportation Franchising and Regulatory Board (LTFRB) are jointly looking into the transaction details of the announced Grab-Uber acquisition. Since this acquisition potentially involves personal data, the NPC is keen on […]

READ MORE



Press Statement from Privacy Commissioner Raymund Enriquez Liboro on the Facebook Controversy involving Cambridge Analytica

April 6, 2018

1. The National Privacy Commission (NPC) has been in touch with Facebook since information on the controversy involving Cambridge Analytica rose to prominence following whistleblower allegations in March 2018. 2. On March 27, the NPC met with Facebook representatives to look into the matter and ascertain if and to what extent, Filipino users were affected. […]

READ MORE



Statement of Privacy Commissioner Raymund Enriquez Liboro On the Uber and Grab Merger

March 27, 2018

Yesterday, both Uber and Grab issued public statements announcing the sale of Uber’s TNV and food delivery business in Southeast Asia to Grab. From these statements, we understand that the Uber service will no longer be available in Southeast Asia including the Philippines, from 8 April 2018. In the interim, Grab is to take Uber’s […]

READ MORE



NPC extends data processing systems registration for covered professionals

March 8, 2018

The National Privacy Commission (NPC) is extending up to July 2 the registration period for the data processing systems (DPS) of individual Personal Information Controllers (PICs) and individual Personal Information Processors (PIPs), specifically for covered professionals. These include medical doctors, lawyers, accountants and dentists, among others, who process personal data and satisfy the criteria for […]

READ MORE



NPC extends deadline of 2017 annual incident report to June 30

March 6, 2018

Organizations and professionals processing personal data in the country now have until June 30 to submit their first annual security incident report to the National Privacy Commission (NPC) after the agency adjusted the deadline, which was initially set on March 31. The annual security incident report is among the yearly compliance obligations of Personal Information […]

READ MORE



Privacy Commission cautions DOH on sharing of Dengvaxia master list

March 6, 2018

PRESS RELEASE The National Privacy Commission (NPC) has advised the Department of Health (DOH) to be circumspect in sharing sensitive personal information of individuals, saying it should only do so if it deems that such sharing or disclosure is authorized under law, adheres to data privacy principles, and there are reasonable and appropriate security measures […]

READ MORE



NPC makes telco take measures against SIM-swap fraud; public warned on identity theft

January 23, 2018

The National Privacy Commission (NPC) has caused Globe Telecom, Inc. to enforce more stringent subscriber verification protocols to better protect its customers following reports that one of its prepaid mobile customers fell victim to identity theft, made possible through the perpetrator that resulted in the unauthorized access to the customer’s online banking account. In a […]

READ MORE



NPC sets March deadline for submission of 2017 Annual Security Incident Report of personal information controllers

January 4, 2018

PRESS RELEASE 1. Personal Information Controllers (PICs) in the country may begin submitting their 2017 Annual Security Incident Report to the National Privacy Commission (NPC), from January 3 to March 31, 2018. 2. The law requires all PICs to submit an Annual Security Incident Report, even if the PIC concerned does not need to register […]

READ MORE



NPC launches PH-wide data protection drive for LGUs in Region 11

December 18, 2017

DAVAO CITY, Philippines – The National Privacy Commission (NPC) recently launched its nationwide campaign here on how local government units (LGUs) can start their journey to compliance and reap the benefits of the Data Privacy Act of 2012. Speaking to Davao Region LGU chief executives and representatives on Monday last week at DPO11: The LGU […]

READ MORE



Latest Statement of Privacy Commissioner Raymund Enriquez Liboro on the Uber Personal Data Breach

December 15, 2017

Today, Uber made public additional information earlier made available to us on their 2016 data breach. We were informed that around 171,000 Filipino citizens consisting of drivers and passengers were affected by the breach. We understand this to be based on the mobile phone numbers included in the registry. We were also informed that the […]

READ MORE



PH Strengthens Extraterritorial Reach through the APEC Cross Border Privacy Enforcement Arrangement

December 5, 2017

1. The Philippines has joined the APEC Cross Border Privacy Enforcement Arrangement (CPEA), the government backstop enforcement network developed for the Cross-Border Privacy Rules (CBPR). It is an initiative that facilitates information sharing among privacy enforcement authorities in APEC economies, provide mechanisms to promote effective cross-border privacy cooperation, and encourage information sharing and cooperation with […]

READ MORE



Statement of Privacy Commissioner Raymund Enriquez Liboro on the Uber Personal Data Breach

November 28, 2017

Press Statement 28/11/2017 1. Yesterday, Uber wrote to us in compliance with their commitment to provide more detailed information about their data breach of October 2016. 2. In that letter, Uber confirmed to us that personal information of Filipinos were exposed in the data breach. As such, the National Privacy Commission has jurisdiction over the […]

READ MORE



Statement of Privacy Commissioner Raymund Enriquez Liboro on NPC’s November 23 meeting with Uber PH

November 24, 2017

Press Statement 24/11/2017 1. The National Privacy Commission summoned Uber to a meeting on Thursday, November 23, 5:30 PM to discuss the self-reported breach that was admitted by the CEO of the transport network vehicle service company. 2. Uber came to the meeting represented by its Data Protection Officer, Atty. Yves Gonzalez, accompanied by external […]

READ MORE



Statement of Privacy Commissioner Raymund Enriquez Liboro on the personal data breach sustained by Uber in 2016

November 22, 2017

Late last night, Uber Chief Executive Officer Dave Khosrowshahi issued a statement to the public announcing that personal data of around 50 million Uber users and 7 million Uber drivers were compromised in a security incident dating back to October 2016, and that Uber concealed the fact of this security incident. The National Privacy Commission […]

READ MORE



Statement of the Privacy Commissioner Raymund Enriquez Liboro on the possible personal data breach sustained by COL Financial Group, Inc.

October 23, 2017

The National Privacy Commission has received a notification at 3:30 in the afternoon of October 20, 2017, Friday, from COL Financial Group, Inc. of a potential data breach to its system. We note that this notification has adhered to standard breach reporting protocols set forth in NPC Circular 16-03, on Personal Data Breach Management. In […]

READ MORE



NPC Statement on SALN and Data Privacy

September 28, 2017

Privacy Commissioner and Chairman Raymund Enriquez Liboro is issuing the following statement related to the Data Privacy and SALN redaction issue: The Data Privacy Act (DPA) is not designed to prevent access to personal information under any circumstances. Rather, it promotes responsible and lawful use of personal information. Section 11 of the DPA states: “The […]

READ MORE



Ahead of PHIE, Private Hospitals Complying with Data Privacy Act

September 20, 2017

With the upcoming implementation of the Philippine Health Information Exchange (PHIE), private hospitals have committed to comply with the Data Privacy Act (DPA) of 2012 and are implementing data protection measures in their data processing systems to protect sensitive personal information of their patients. This was revealed at the first general assembly of Data Protection […]

READ MORE



NPC: Late Registrants, May Face Privacy Compliance Checks

September 14, 2017

Public and private companies that failed to beat the September 9 deadline for the registration of their data processing systems starting with the registraton of their Data Protection Officer (DPO) could face compliance checks, the National Privacy Commission (NPC) warned. Since September 9 fell on a Saturday, a non-working day, the deadline automatically moves to […]

READ MORE



NPC Survey: Filipinos Value Data Privacy

August 30, 2017

Speakers, organizers and participants of a Data Protection Officers’ General Assembly for Media and Social Media professionals pose for a group photo. The event called DPO6 is the 6th of a series of industry specific seminars and workshops organized by the National Privacy Commission (NPC) aimed at improving compliance with the Philippines’ data protection and […]

READ MORE



DPO Forum Issue #01

August 14, 2017

We’re opening the very first Philippine Privacy Awareness Week today with the launch of our Data Privacy Newsletter, featuring updates from the NPC, recaps on events and issues for the past few months, and an interview with a DPO. Get the downloadablehere

READ MORE



DPO3: Telco DPOs show commitment to data privacy compliance in NPC assembly

August 11, 2017

The country’s leading telecommunications firms on Tuesday demonstrated their commitment to upholding data subject rights in the first gathering of Data Protection Officers (DPOs) for the sector conducted by the National Privacy Commission (NPC) at the GT-Toyota Asian Center, Katipunan Avenue, Diliman, Quezon City. Dubbed DPO3: The Data Protection Officers’ Assembly for the Telecommunications Sector, […]

READ MORE



Data privacy compliance a competitive edge for PH companies

July 31, 2017

In this information age, compliance with data privacy and data protection regulations is considered by organizations as a competitive advantage in their business operations. This was confirmed by contact center managers and data protection experts at the recent Data Privacy Asia conference organized by the Contact Center Association of the Philippines. (CCAP). Contact center clients […]

READ MORE



NPC conducts privacy compliance check on BPI

June 16, 2017

The National Privacy Commission (NPC) is conducting a privacy compliance check on the Bank of Philippine Islands (BPI) after the recent incident that caused the bank’s electronic channels to be temporarily suspended, inconveniencing many of its clients. The compliance check will evaluate the existing governance, organizational, physical and technical measures in place and seek to […]

READ MORE



NPC pushes data privacy compliance in banking sector in upcoming DPO2

May 26, 2017

The National Privacy Commission (NPC) is set to convene the Data Protection Officers (DPOs) of the financial services sector on 31 May 2017. Dubbed as “DPO2: The 2nd Data Protection Officers’ Assembly,” the event will be held in cooperation with the Bangko Sentral ng Pilipinas (BSP) and the Bankers Association of the Philippines (BAP). It […]

READ MORE



Threats to Security and Privacy

May 16, 2017

KNOW YOUR ENEMY — This timeless piece of advice is especially relevant today as data privacy threats, both online and offline, have become as rampant as ever. Undetected attacks on our privacy may suddenly be leveraged to wreak havoc at any moment. While defenses and legislation struggle to catch up with fast-paced technological advancements, understanding […]

READ MORE



Holy Week 2017 Advisory for all Data Protection Officers in Government (DPO1)

April 11, 2017

The National Privacy Commission would like to remind all Data Protection Officers to ensure the security of personal data in their respective agencies’ care during the long weekend of Holy Week 2017 (13 to 16 April 2017). This is in order to prevent data breaches such as the one that occurred during the same period […]

READ MORE



Privacy Commission rallies support for data protection in government

April 6, 2017

The National Privacy Commission (NPC) has called on Data Protection Officers (DPOs) in the public sector to get proactive in conducting their duty as watchdogs and advocates of the data privacy rights of Filipinos from within their respective organizations. Speaking to government data protection professionals on Wednesday at DPO1: The 1st Data Protection Officers’ Assembly, […]

READ MORE



A year after COMELEC breach: National Privacy Commission to hold first general assembly of Data Protection Officers

March 28, 2017

Photo by Marinel Mamac / PIAD. About a year after the Comeleak data breach, which exposed the personal data of over 55 million Filipino voters, the National Privacy Commission (NPC) is rallying Data Protection Officers (DPOs) from government agencies to adopt a proactive approach in the fight for data protection of citizens in a series […]

READ MORE



NPC starts probe into COMELEC’s 2nd large scale data breach; issues compliance order

February 20, 2017

Photo by Katrice Obrero / PIAD. The National Privacy Commission (NPC) has ordered the Commission on Elections (COMELEC) on Monday to take serious measures to address its data processing vulnerabilities after the computer of the Office of the Election Officer (OEO) in Wao, Lanao Del Sur was stolen last January 11, 2017. The stolen computer […]

READ MORE



Privacy Commission recommends criminal prosecution of Bautista over “Comeleak”

January 5, 2017

The National Privacy Commission (NPC) has found that the Commission on Elections (COMELEC) violated the Data Privacy Act of 2012 and has recommended the criminal prosecution of Chairman J. Andres D. Bautista for the data breach that occurred between 20 and 27 of March last year. In its decision dated December 28, 2016 on NPC […]

READ MORE



PH Privacy Commission gets international accreditation

October 21, 2016

PH National Privacy Commission approved as full member of the International Conference of Data Protection and Privacy Commissioners (ICDPPC) . Out of 12 data privacy authorities from as many countries that applied for membership this year, the Philippines was only one of five approved for full membership, meeting ICDPPC’s stringent standards for data protection and […]

READ MORE



Government Open Data to Improve with Data Sharing Directives

October 19, 2016

The free flow of information within the government is expected to improve with the issuance of the latest memorandum circular of the National Privacy Commission’s (NPC). (NPC MC 16-02) on Data Sharing Agreements Involving Government Agencies. This issuance from the NPC reinforces its mandate to support the free flow of information and safeguard the right […]

READ MORE



Stricter government handling of personal data ordered in Privacy Commission issuance

October 17, 2016

Personal data in the hands of government offices and all branches of government including state-run schools and colleges are expected to be made more secure with the issuance of the National Privacy Commission’s (NPC) first memorandum circular (#16-001) on the “Security of Personal Data in Government”. According to Commissioner Raymund E. Liboro, the circular is […]

READ MORE



Privacy Commission Advisory on Yahoo Breach

September 24, 2016

Photo/Graphic Source: money.cnn.com The National Privacy Commission (NPC) would like to reiterate the recommendations of Yahoo and cybersecurity experts to Yahoo users to change their passwords on their Yahoo accounts. This follows after the compromise of half a billion user accounts from Yahoo’s servers in 2014 that was only discovered and confirmed by Yahoo this […]

READ MORE



Privacy Act IRR released – NPC to educate public about privacy

August 30, 2016

Photo 1: (From Left to Right) Deputy Privacy Commissioner Dondi Mapa, Deputy Privacy Commissioner Ivy Patdu, and Privacy Commissioner and Chairman Raymund E. Liboro listened to inputs from health information and research stakeholders at a public consultation on R.A. 10173’s Implementing Rules and Regulations / Photo courtesy of Ramon Duremdes Jr. The Implementing Rules and […]

READ MORE



27 July 2016 version of the Proposed IRR

July 27, 2016

For the upcoming public consultation in Cebu this July 28, 2016, and those interested in seeing the latest version of the proposed implementing rules and regulations (IRR) of the Data Privacy Act of 2012 (R.A. 10173). you can download the copy through this link: IRR Version 072716.pdf

READ MORE



Data Privacy Act. IRR Public Consultation – Cebu, 28 July 2016

July 26, 2016

This might be your last chance for a face to face public consultation on the IRR. This one will happen in Cebu. for those who can’t make it, feel free to send us an email at [email protected] Register for the pubcon here: http://bit.ly/2acM0lc Access the draft IRR here: http://www.gov.ph/2016/06/20/irr-data-privacy-act-2012/ Access the E.O.10173 or the Data […]

READ MORE



National Privacy Commission Position on FOI EO

July 26, 2016

The National Privacy Commission  lauds  the signing of the Executive Order on the Freedom of Information as an important step towards greater transparency and people’s participation in government.  The right to information on matters of public concern is a fundamental right provided in the Constitution and the right to privacy must always be balanced with […]

READ MORE



Data Privacy Act Cannot Be Used As Shield Against FOI

July 26, 2016

The Data Privacy Act of 2012 cannot be used by government officials as protection against the Freedom of Information Executive Order issued by President Duterte last week, this was said by the Data Privacy Commission” in a position paper in reaction to concerns that the Data Privacy Act will be used by Government Officials to […]

READ MORE



Invitation to Comment: Proposed Implementing Rules and Regulations of The Data Privacy Act

July 19, 2016

The Data Privacy Act of 2012 is the law for the protection of individual personal information in information and communications system in both government and private sector.  We recognize the need to support the free flow of information for national development, while safeguarding the fundamental right of every individual to privacy. The National Privacy Commission […]

READ MORE