NPC SERVICES





I WANT TO

Know More

Know Your Rights
The Data Privacy Act and Its IRR
Memorandum Circulars
Advisories
Advisory Opinions
30 Ways to Love Yourself Online
Other Resources
Questions? AskPriva




I WANT TO

Comply

Register
Appointing a Data Protection Officer
Conducting a Privacy Impact Assessment
Creating a Privacy Manual
Implementing Privacy and Data Protection Measures
Exercising Breach Reporting Procedures




I WANT TO

Complain

Mechanics
Submit a Complaint






What is Data Privacy?

The right of an individual not to have private information about himself disclosed, and to live freely from surveillance and intrusion.


News & Events





Privacy Chief Invites LGUs to Host Personal Data Privacy Compliance Seminars and Workshops
March 1, 2023

The National Privacy Commission (NPC), in coordination with the Department of the Interior and Local Government (DILG), invites all Provincial Governors, City and Municipal Mayors, and others concerned to host personal data privacy compliance seminars and workshops in their respective local government units (LGUs). One of the key thrusts of the NPC is to equip […]

READ MORE



Data privacy seminar for the insurance industry
February 16, 2023

In collaboration with Pru Life UK and FinTech Alliance PH, the National Privacy Commission (NPC) invites the members of the insurance industry to join the data privacy seminar on February 23, 2023 from 9:00 AM to 5:00 PM at the Marquis Events Place, Bonifacio Global Street, Taguig City. In this seminar entitled “Privacy Matters in […]

READ MORE



NPC launches online registration system for data processing systems
February 3, 2023

PASAY CITY – The National Privacy Commission (NPC) launched its online registration system today February 3, 2023. The NPC Registration System (NPCRS) is an online platform that provides a secure and seamless portal for both government and private organizations to register their data processing systems with the Commission. It is the latest system developed and […]

READ MORE



More Updates

Announcement

Call for Public Input on the Training the Trainers (T3) and DPO ACE Programs

In view of the upcoming end of the existing PhilDPO Programs, the National Privacy Commission (NPC) is
inviting all training partners and institutions under the Training the Trainers (T3) Program, as well as
previous participants of the DPO ACE Program, to submit comments and recommendations on the
prescribed DPO ACE curriculum and T3 procedural guidelines.

Your inputs will help the NPC develop new programs that will sufficiently cover the foundational and
operational aspects of the Data Privacy Act of 2012 (DPA) necessary for practitioners as well as anyone
who seeks to have a better understanding of the DPA and its application to actual situations.

Please send your feedback on the T3 and DPO ACE Programs to [email protected] until 14 April
2023. If you will be sending feedback as a DPO ACE participant, please indicate the name of the T3 provider
where you undertook your DPO ACE training.

We look forward to hearing from you. Thank you for your continued support in this initiative.

For additional reference, the T3 Procedural Guidelines may be accessed through this link

NOTICE OF 2ND PUBLIC CONSULTATION ON THE DRAFT REPEAL OF NPC CIRCULAR 16-01 (SECURITY OF PERSONAL DATA IN GOVERNMENT AGENCIES)

Concerned organizations, stakeholders, and other interested parties are invited to submit their valuable inputs regarding the new draft circular to be adopted by the National Privacy Commission (NPC).

To access the draft NPC Circular on the Security of Personal Data in Public and Private Sectors, please click here.

This draft circular aims to repeal NPC Circular 16-01 and provide updated requirements for the security of personal data in the government and private sector due to the ever-changing security threat and technology landscape. It shall enable personal information controllers to meet the general security requirements and comply with the Data Privacy Act of 2012.

Please send your comments/suggestions/opinions and other valuable inputs to [email protected] no later than 21 April 2023.

The Commission will conduct a virtual public consultation on 04 April 2023 from 10:30AM to 11:30AM. Interested participants who wish to join may email the above address on or before 03 April 2023.

Thank you.

REMINDER ON THE SUBMISSION OF THE 2022 ANNUAL SECURITY INCIDENT REPORT

The deadline to submit 2022 Annual Security Incident Reports is until 31 March 2023. Submission shall be done only through the Data Breach Notification Management System (DBNMS). Any other mode of submission is not allowed.

For a step-by-step instruction on how to submit an ASIR in the DBNMS, please follow the video tutorials on this link: Click here

CALL FOR PUBLIC INPUT

NPC Guidelines on the following:

  1. Deceptive Design Patterns and Manipulative Personalization
  2. Processing of Personal Data using Body-Worn Cameras by Law Enforcement Agencies
  3. Use of Portable Storage Devices

 

The Data Privacy Act of 2012 (DPA) mandates the National Privacy Commission (NPC)
to monitor the country’s compliance with international standards for data protection.
Pursuant to this mandate, the NPC is currently crafting the abovementioned
Guidelines.

NPC wants to hear from you.

To create responsive regulations, the NPC requests inputs on your experiences, issues,
and concerns on the following:

  1. Usage of deceptive design and dark patterns and manipulative personalization in
    obtaining consent for the processing of personal data;
  2. Operation of body-worn cameras and alternative recording devices by law enforcement
    agencies for police operations and other related law enforcement activities; and
  3. Utilization of portable storage devices for personal data processing activities.

The submission of concrete examples and use cases detailing these issues will be
greatly appreciated. Your contributions will truly help in the creation of sound policies
in the furtherance of the right to data privacy in the country.

 

You may submit your comments, recommendations, and papers to
[email protected] until 31 March 2023 with the following subjects:

“Call for Public Input – Deceptive Design Patterns”

“Call for Public Input – Body-Worn Cameras”

“Call for Public Input – Portable Storage Devices”

We look forward to your responses. Thank you.

NOTICE OF PUBLIC CONSULTATION

Concerned organizations, stakeholders, and other interested parties are invited to
submit their comments/suggestions/opinions and other valuable inputs regarding the draft
Circular on the Amendments to National Privacy Commission 2021 Rules of Procedure.

Please see attached Draft NPC Circular for your reference. click here

The issuance will amend certain provisions of the 2021 Rules of Procedure of the
National Privacy Commission.

Please send your comments/suggestions/opinions and other valuable inputs
to [email protected] not later than 22 March 2023.

The Commission will conduct a second online public hearing on 27 March 2023 from
1: 00 to 3: 00 p.m. Interested participants who wish to join may send an email to the addresses
provided above on or before 22 March 2023.

Thank you.

Pre-Registration for the DPO ACE Level I Examination

The DPO Accountability, Compliance, and Ethics (ACE) Level 1 Examination is
scheduled from 11 April to 12 May 2023.

Individuals interested in taking the examination are highly encouraged to pre-register
with the National Privacy Commission (NPC). This will allow the NPC to determine the
number of interested individuals in each region and book the testing venues accordingly.

To pre-register, please submit the following information to [email protected]:

  • Full name
  • Preferred location to take the exam (e.g., NCR, Region I, Region II)
  • Name of training provider
  • Dates of training attended
  • Proof of participation in the training (i.e., photo or scanned copy of a Certificate of Participation)

Please submit the information not later than 20 March 2023, 7:00 PM. The email subject
should follow this format: “Exam Preregistration_(Surname, First Name)”

While pre-registration does not serve as an official registration to take the examination,
priority for exam slots will be given to those who will pre-register on or before the
deadline.

Please visit the NPC’s official website and social media accounts for related updates.

NOTICE OF 2ND PUBLIC CONSULTATION ON THE DRAFT NPC CIRCULAR ON THE PREREQUISITES FOR THE PHILIPPINE PRIVACY MARK CERTIFICATION PROGRAM

Concerned organizations, stakeholders, and other interested parties are invited to submit their valuable inputs regarding the new draft circular to be adopted by the National Privacy Commission (NPC).

To access the draft NPC Circular on the Prerequisites for the Philippine Privacy Mark (PPM) Certification Program, please click here.

This draft circular aims to provide the prerequisites for certification of PICs or PIPs and accreditation of Certification Bodies under the PPM Certification Program.

Please send your comments/suggestions/opinions and other valuable inputs to [email protected] no later than 23 March 2023.

The Commission will conduct a virtual public consultation on 22 March 2023 from 10:30 to 11:30 a.m. Interested participants who wish to join may email the above address on or before 21 March 2023.

Thank you.

Announcement regarding the DPO ACE Level 1 Examination

The DPO Accountability, Compliance, and Ethics (ACE) Level 1 Examination administered by
the Phil-DPO Program will be held from 11 April to 12 May 2023.

Details on the testing venues and registration instructions will be announced in the next few
weeks. Interested test takers are encouraged to regularly visit the NPC website for further
announcements.

Details on testing venues outside of Metro Manila will be announced separately.

For inquiries, please email [email protected].

###

ANNOUNCEMENT ON DPS REGISTRATION

With the launch of the National Privacy Commission Registration System (“NPCRS”) and the effectivity of NPC Circular No. 2022-04 on 11 January 2023, the Commission will no longer accept new registration, amendments, and renewal of registration except through the NPCRS portal. Submission through email, personal filing, ordinary mail, licensed courier service and other mode of physical submission shall not be considered valid.

Personal Information Controllers (PICs), Personal Information Processors (PIPs), and Individual Professionals processing personal data who are covered by mandatory registration (Sec. 5 NPC Cir. 22-04) have 180 days or until 10 July 2023 to comply.

NPC Circular No. 2022-04 can be accessed through this Link

All PICs/PIPs are directed to create an account, through its Data Protection Officer, and register Data Processing Systems at Link

For registration related inquiries, you may reach the us through email at [email protected]

For system [NPCRS] related inquiries, please email us at [email protected]

For PICs/PIPs who do not fall under Section 5 on Mandatory Registration of NPC Circular No. 2022-04, You are required to submit a notarized document of Annex 1 - Sworn Declaration and Undertaking for Exemption from Registration of Data Processing Systems at [email protected]

All Certificates of Registration with effectivity dates until the 8th of March 2023 are EXTENDED to 10 July 2023.

PICs, PIPs, and Individual Professionals holding OLD Certificates of Registration bearing a different effectivity date shall be considered not-registered.

Compliance and Monitoring Division

ACCEPTANCE OF THE PRINTED EPHILID AS VALID PROOF OF IDENTITY AND AGE IN ALL SERVICES OF THE NATIONAL PRIVACY COMMISSION

The National Privacy Commission accepts the various formats of the PhilSys digital ID, including the printed ePhilID, as a valid and sufficient proof of identity and age subject to authentication through the PhilSys Check. Please refer to the Philippine Statistics Authority Public Advisory dated 30 September 2022 and a sample of the official format of the printed ePhilID for reference.

Announcement regarding the submission of Personal Data Breach Notifications (PDBN) and Annual Security Incident Reports (ASIR)

With the launch of the DBNMS, the NPC will no longer accept Breach Notification and Annual Security Incident Report submissions except through the DBNMS online platform. Thus, submissions through email, personal filing, ordinary mail, licensed courier service, and any other mode of physical submission shall not be considered as valid.

All Personal Data Breach Notifications and Annual Security Incident Reports shall be submitted through https://dbnms.privacy.gov.ph .

See the Guidelines on the Issuance of Certificate of Pending/No Pending Case here and the Request for Certificate of Pending/No Pending Case Form here.

Send your requests to [email protected] with the subject "CPNPC Request_<name of entity/individual>"

Announcement regarding validity of existing Certificate of Registration, revised process on new application, renewal, and amendment of registration, and guidelines on common Data Protection Officers. For more information click here.

Advisory on modified in-person or face-to-face hearing of cases for all parties with pending hearings with the NPC download here

There is an easier and safer way to file your complaints before the National Privacy Commission through the improved COMPLAINTS-ASSISTED FORM (CAF). Download the new version of the form here. Do not forget to attach a copy of your supporting documents.

For inquiries, email us at [email protected]

For complaints, send your complaints-assisted form to [email protected]