In the exercise of its quasi-judicial function, the National Privacy Commission is authorized to receive complaints, institute investigations, facilitate or enable settlement of complaints through the use of alternative dispute resolution processes, adjudicate, award indemnity on matters affecting any personal information, prepare reports on disposition of complaints and resolution of any investigation it initiates, and, in cases it deems appropriate, publicize any such report.
CID 18-D-012 |
Tags: Request for Extension
|
CID BN 17-019 |
In Re: Sun Life Canada (Philippines) Inc.
Tags: Compliance; Full Breach Report
|
NPC BN 18-105 |
In Re: Landbank of the Philippines
Tags: Full Breach Report
|
NPC BN 18-105 |
In Re: Landbank of the Philippines
Tags: Notification of the Commission/div>
|
NPC 19-910 |
In Re: Fynamics Lending Inc. (Pondo Peso)
Tags: Request for Extension
|
NPC 19-910 |
In Re: Fynamics Lending Inc. (Pondo Peso)
Tags: Discovery Proceedings; Sua Sponte Investigation; Mediation; Personal Information Controller
|
NPC 19-910 |
In Re: Fynamics Lending Inc. (Pondo Peso)
Tags: Incurring Criminal Liability
|
NPC BN 18-198 |
In Re: Cathay Pacific Airways Limited
Tags: Notification of Data Subjects; Personal Information Controller
|
NPC SS 20-001 |
Tags: Alternative Dispute Resolution
|
NPC SS 20-001 |
Tags: Cease and Desist Order
|
NPC BN 18-062 |
Tags: Mandatory Breach Notification
|
CID BN 17-036 previously CID BN 18-0174 |
Tags: Notification of Data Subjects
|
NPC BN 17-027 |
In Re: Sun Life of Canada (Philippines), Inc.
Tags: Notification of Data Subjects
|
NPC BN 18-008 |
Tags: Technical Security Measures
|
NPC BN 20-124 |
Tags: Information that may be used to enable fraud; Mandatory Breach Notification
|
NPC 17-018 |
In Re: EA & TA vs. EJ, EE, & HC
Tags: Establishment of Legal Claims; Transparency; Legitimate Purpose; Proportionality
|
NPC BN 18-035 |
Tags: Notification of the Commission, Notification of Data Subjects, and Technical Security Measures
|
NPC BN 18-135 |
In Re: KGJS Fleet Management Manila Inc.
Tags: Mandatory Breach Notification and Technical Security Measures
|
NPC BN 18-138 |
In Re: Pacific Plaza Resolution
Tags: Other tags, Real Risk of Serious Harm, Technical Security Measures and Mandatory Breach Notification
|
NPC BN 18-220 and NPC BN 18-231 |
In Re: Department of Trade and Industry
Tags: Technical Security Measures and Personal Information Controller
|
NPC BN 18-229 |
Tags: Personal Data Breach Management; Notification of Data Subjects
|
NPC BN 22-107 |
In Re: Asia United Bank Corporation
Tags: Personal Data Breach Management; Exemption or Postponement of Notification; Notification of Data Subject; When Notification is Required
|
NPC BN 21-218 |
In Re: JRC vs. Bank of the Philippine Islands
Tags: Sec (E) (3) Implementing Rules and Regulations of the Data Privacy Act 2012
|
NPC 23-015 |
In re: Metro Pacific Tollways Corporation
Tags: Mandatory Breach Notification
|
NPC 19-258 |
Tags: Outright Dismissal |
NPC 18-222 |
In re: Polytechnic University of the Philippines
Tags: Notification of Data Subjects and Security Incident Management Policy
|
NPC 18-142 |
In re: Smart Communications, Inc
Tags: Technical Security Measures and Organizational Measures
|
NPC 18-120 |
Tags: Notification of Data Subjects and Personal Information Controller
|
NPC 18-075 |
Tags: Notification of Data Subjects; Mandatory Breach Notification; and Procedures in Security Incident or Personal Data Breach
|
NPC 18-073 |
In re: Philippine Long Distance Telephone Company, Inc.
Tags: Notification of Data Subjects
|
NPC 18-046 |
In re: City Government of Iloilo-Internal Audit Services
Tags: Technical Security Measures and Personal Data Breach
|
NPC 18-019 |
In re: Ateneo de Zamboanga University
Tags: Technical Security Measures
|
NPC 17-028 and NPC BN 18-180 |
In re: EasyTrip Services Corporation
Tags: Mandatory Breach Notification and Technical Security Measures
|
NPC 17-010 |
In re: Movie and Television Review and Classification Board
Tags: Notification of Data Subjects and Alternative Means of Notification
|
NPC BN 18-033 and NPC BN 18-076 |
Tags: Notification of Data
Subjects; Personal
Information
Processor; Personal
Information
Controller; Principle
of Accountability;
and Real Risk of Serious Harm
|
NPC BN 18-213 |
In Re: Manufacturers Life Insurance Co.
Tags: Exemption from
Notification
Requirements;
Notification of Data
Subject; Mandatory
Breach Notification;
and Real Risk of
Serious Harm
|
NPC BN 18-115 |
Tags: Technical Security Measures; Physical Measures; Organizational Measures
|
NPC BN 18-200 |
In Re: Cardinal Health International Philippines, Inc.
Tags: Exemption from Notification Requirements
|
NPC BN 18-229 |
Tags: Personal Data Breach Management; Notification of Data Subjects
|
NPC 20-026 |
Tags: Unauthorized Processing (Section 25), Right to Erasure
|
NPC 22-012 |
Tags: Burden of Proof, Defense of Legal Claims (Section 13 (f)), NPC Mandate, Proportionality, Transparency
|
NPC 22-180 and 22-181 |
DVL v. Alamat Crewsers Motorcycle Club and LAE v. Alamat Crewsers Motorcycle Club
Tags: Consent, Legitimate Interest (Section 12(f)), Personal Information Controller
|
NPC 18-037 |
In re: Acesite (Phils) Hotel Corporation
Tags: Privacy Impact Assessment
|
CID BN 17-020 & CID BN 17-029 |
In re: Breach Notification Report of Sun Life of Canada
Tags: Personal Data Breach Management (NPC Circular 16-03)
|
NPC BN 18-085 |
In re: La Salle Greenhills School
Tags: Privacy Impact Assessment
|
NPC CDO 22-001 |
Tags: Issuance of Cease and Desist Orders (NPC Circular No. 20-02) ; General Data Privacy Principles (Section 11) ; Rights of the Data Subject (Section 16)
|
NPC BN 22-094 |
Tags: Personal Data Breach Management (NPC Circular 16-03) ; Mandatory breach notification; Postponement of notification
|
NPC BN 21-185 |
Tags: Personal Data Breach Management (NPC Circular 16-03) ; Mandatory breach notification; Determination of the Need to Notify; Alternative means of notification.
|
NPC BN 18-006 |
Tags: Mandatory Breach Notification, Notification of Data Subjects
|
NPC BN 18-045 |
In re: University of the Philippines - Visayas
Tags: Mandatory Breach Notification, Security Incident
|
NPC BN 18-179 |
Tags: Mandatory Breach Notification, Notification of Data Subjects, Security of Personal Information
|
NPC 21-010 to NPC 21-015 |
Tags: Compliance with a Legal Obligation (Section 12 (c)), Jurisdiction, Motion for Reconsideration, Unauthorized Disclosure (Section 32)
|
NPC 19-030 and NPC 19-132 |
Tags: Motion for Reconsideration ; Consolidation of Cases
|
NPC 19-278 |
Tags: Finality of the case, Failure to substantiate allegations
|
NPC 19-909 |
In Re: FCASH Global Lending, Inc., Operating Fastcash Lending Application
Tags: NPC Rules of Procedure, Exhaustion of Administrative Remedies, Litis Pendentia, Amicable Settlement and Alternative modes of dispute resolution, Liability of Corporate officers
|
NPC 19-438 |
Tags: Procedures in Security Incident or Personal Data Breach, Security Incident Management Policy, Notification of Data Subjects, Personal Information Controller
|
NPC SS 19-001 |
In re: Department of Foreign Affairs (DFA) - Passport Breach
Tags: Security of ersonal Information; Technical Security Measures
|
NPC 16-004 |
Tags: Personal Information Controller, NPC Mandate, Consent, Legitimate Purpose, Notification of Data Subjects |
NPC 21-086 |
RTV v. East West Banking Corporation
Tags: Nominal Damages |
NPC BN 19-115 |
In re: Sun Life of Grepa Financial, Inc
Tags: Compliance with the NPC Circular 16-03 (Personal Data Breach Management) |
NPC BN 18-069 |
In re: Professional Regulations Commission (PRC)
Tags: Personal data breach; Logbook policy of government agencies |
CID BN 18-086 |
In re: Tulay sa Pag-Unlad, Inc
Tags: Notification to the Commission and affected data subjects |
NPC 18-038 |
FGP vs. Maersk Global Center Philippines, Ltd.
Tags: Right to access, Nominal damages |
NPC 19-605 |
GMT vs Fcash Global Lending, Inc (Fast Cash)
Tags: General Data Privacy Principles, Legitimate Interest, Processing of Personal Information for Unauthorized Purpose, Substantial Evidence, Extent of Liability, Nominal Damages, Exhaustion of Remedies |
NPC BN 17-048 |
Tags: Compliance with the NPC Circular 16-03 (Personal Data Breach Management) |
CID BN 17-034 |
In re: Breach Notification Report of Philippine National Bank (PNB)
Tags: Compliance with the NPC Circular 16-03 (Personal Data Breach Management) |
NPC 18-010 |
Tags: Personal Information Controller, Consent, Processing Necessary for Compliance with a Legal Obligation (Section 12 (c)), Processing for Unauthorized Purposes (Section 28), Malicious Disclosure (Section 31), Unauthorized Disclosure (Section 32), Gross Negligence |
NPC BN 21-078 |
In re: Bombardier Transportation Philippines, Inc.
Tags: BBreach Notification, Principle of Accountability, Procedures in Security Incident or Personal Data Breach, Notification of the Commission, Notification of Data Subjects |
CID 18-K-200 |
Tags: Breach Notification, Security Incident Management Policy |
03-25-2021 |
Tags: Cease and Desist Order |
02-23-2021 |
Tags: Temporary Ban on Processing, Public Interest |
NPC BN 17-002 |
In re: Data Breach Involving the COMELEC Data Processing System in Wao, Lanao Del Sur
Tags: Data Breach Notification Report, general rule to notify the affected data subjects, security incident management policy, and security measures. |
NPC BN 20- 049 |
In re: Health Delivery System, Inc.
Tags: Notification of the data subjects, Exemption from the notification requirement |
NPC BN 18-223 |
Tags: Requirements of notification, When notification should be done? When delay is prohibited? |
NPC BN 18-186 |
In re: Manila Shared Services Employees Credit and Savings Cooperative
Tags: Criteria when notification is required, Breach Notification, Reasonable and Appropriate Measures to Protect Personal Information |
NPC 19-1201 |
Tags: Commission’s power to facilitate or to enable settlement of complaints through alternative dispute resolution processes, rights of the Data Subject, Right to Access, PIC, is required to develop, implement, and review policies and procedures, to ensure that the aforesaid policies and procedures shall enforce and effectively implement the provisions of the DPA, including those pertaining to the rights of data subjects, definition of data subject |
NPC BN 18-037 |
In re: Acesite (Phils.) Hotel Corporation
Tags: Personal data breach, availability breach, Security incident, Scope of mandatory breach notification |
NPC BN 18-183 |
In re: Sun Life Canada (Phil.) Inc
Tags: Personal Data Breach Management |
NPC BN 17-038 |
Tags: Documentation, Proof of measures undertaken to prevent recurrence of incident, Security Incident Management Policy, Unauthorized disclosure of Wifi credentials |
NPC BN 17-032 |
Tags: Documentation, data breach management, organizational, physical, and technical security measures, data privacy policies, Notification to the Commission, Security of Personal Information |
NPC BN 20-124 |
Tags: Breach Notification, Notification of Data Subjects |
NPC BN 20-157 |
In re: Batangas Bay Carriers, Inc.
Tags: Breach Notification, Notification of Data Subjects, Substantial Evidence, Mandatory Breach Notification |
NPC BN 20-208 |
In Re: Commission on Elections (COMELEC)
Tags: Breach Notification, Notification of Data Subjects, Notification of the Commission |
NPC BN 20-157 |
In re: Batangas Bay Carriers, Inc.
Tags: Breach Notification, Notification of Data Subjects, Notification of the Commission |
CID BN 17-021 |
In re: Breach Notification Report of Sun Life of Canada
Tags: Breach Notification, Notification of Data Subjects, Exhaustion of remedies |
NPC 17-K-001 |
Tags: Technical Security Measures |
NPC BN 20-149 |
In re: National Privacy Commission
Tags: Breach Notification, Notification of Data Subjects, Mandatory Breach Notification, Exemption from Notification Requirements |
CID 17-K-004 |
Tags: Substantial compliance, Burden of proof and burden of evidence, Compliance to the Data Privacy Act, Reasonable security measures |
NPC BN 17-025 |
In re: Jobstreet (formerly CID BN 17- 025)
Tags: Security measures, Personal Data Breach Management, Documentation, Security of Personal Information |
NPC BN 18-217 |
In re: Infosys BPM-Philippines
Tags: Breach Notification, Notification of the Commission |
NPC BN 20-141 |
In re: Home Credit Consumer Finance Philippines, Inc.
Tags: Notification of Data Subjects, obligation of the Personal Information Controller |
CID BN 19-067 |
Tags: When notification to the Commission should be done?, Procedure on which the personal information controller (PIC) must follow in notifying the affected data subjects affected by a personal breach, content of Data Breach Notification Report, alternative means of notification |
CID BN 17-039 |
Tags: Notification and other requirements, general rule to notify the affected data subjects, Notification to the Commission, Documentation, Measures undertaken to prevent the recurrence of breach, exemption from notification |
NPC 16-005 |
N.I.H. vs WSQ Medical Center et. al.
Tags: The power of Commission to facilitate or enable settlement through the use of alternative dispute resolution processes, Compromise Agreement |
CID BN 18-081 |
In re: Philippine Seven Corporation
Tags: Security of Personal Information, notification and other requirements |
NPC BN 20-170 |
In re: Travelpeople Ltd., Inc.
Tags: Notification of data subjects of data breaches is the general rule, The data subjects shall be notified within seventy-two (72) hours upon knowledge of or reasonable belief by the personal information controller or personal information processor that a personal data breach has occurred, exemption or postponement will only be allowed in exceptional circumstances under Section 18(B) of NPC Circular No. 16-03, when notification is required, conditions necessitating mandatory breach notification, ransomware, interpretation of the DPA |
NPC BN 20-167 |
Tags: The data subjects shall be notified within seventy-two (72) hours upon knowledge of or reasonable belief by the personal information controller or personal information processor that a personal data breach has occurred., exemption or postponement will only be allowed in exceptional circumstances under Section 18(B) of NPC Circular No. 16-03, when notification is required, conditions necessitating mandatory breach notification, ransomware, interpretation of the DPA |
NPC BN 20-101 |
In re: De La Salle Health Sciences Institute (DLSHSI)
Tags: Definition of security incident and data breach, Forms of personal data breach |
NPC BN 20-044 |
Tags: Breach Notification, Personal data Breach |
NPC 18-028 |
Tags: Who may file a complaint , Rights of Data Subjects |
NPC 19-908 |
In re: Unipeso Lending Company, Inc.
Tags: Litis Pendentia, The power of the Commission to investigate on its own initiative, Time to plead, Application of Fresh Period Rule, Appeal |
NPC 19-528 |
Tags: Proportionality, Temporary Ban, Consent |
08-09-2019 |
Tags: Substantial Evidence, Transparency, Updating Terms & Conditions |
07-25-2019 |
Tags: Motion for Reconsideration, On-site Examination |
All content is in the public domain unless otherwise stated.
Learn more about the Philippine government, its structure, how government works and the officials behind it.
GOV.PH