The National Privacy Commission (NPC) has extended the deadline for submission of security incident reports for both the public and private sectors.
Submissions opened last January 3 and June 30 will be the new cutoff instead of March 31, the agency said in a statement.
“We are intent on coming up with a version of the annual report that is more concise and easier for DPOs (data protection officers) to prepare,” Privacy Commissioner Raymund Liboro said.
“At the same time, the commission is also seeking ways to align the annual report with the requirements of other privacy regulations on international data flows such as the GDPR (General Data Protection Regulation) and APEC-CBPR (Cross Border Privacy Rules),” he added.
The Data Privacy Act of 2012 mandates “personal information controllers” (PICs) in government agencies and companies to submit annual security incident reports.
These should detail all security incidents for the year, including data breaches and attacks that may have affected the personal data of consumers and clients.
“These reports are an essential signpost of any PIC’s commitment to protecting the personal data of customers and employees,” Liboro earlier said.
“When properly collated, the data becomes an invaluable management resource that enables a PIC to assess its reaction time for every crucial event … The PIC must find ways to reduce time lags whenever possible. It amounts to mitigating potential harm to data subjects.”