Section IV of the National Privacy Commission’s (NPC) Circular 16-03, on Personal Data Breach Management, requires that the complying organization implement a breach management policy for the purpose of preventing or minimizing the occurrence of a personal data breach and ensuring the timely discovery of any security incident. This breach management policy may be incorporated into the organization’s privacy policy and privacy management programs, which should be set up and properly cascaded amongst the organization’s employees. One good example of a privacy policy, as discussed in the establishment of a data privacy accountability framework, appears in the study published by Henry Chang, available at https://www.nymity.com/data-privacy-resources/~/media/NymityAura/Resources/Research/Privacy-Accountability-Management-Framework-For-Data-Controllers-Operating-Across-Asia.pdf. The study included the application of the proposed data privacy accountability framework under Philippine law, as well as under the laws of other Asian countries which have enacted data privacy and protection laws. For the benefit of personal information controllers and personal information processors, the National Privacy Commission is currently developing a template that may be used as a basis for drafting a new privacy policy or revising an existing one.
There is currently no certification process for an organization’s (level of) compliance with the Data Privacy Act. Nonetheless, the Commission does recommend that organizations obtain certifications or accreditations vis-à-vis existing international standards, such as those prescribed by the International Organization for Standardization (ISO), including the following:
The Commission also does not require certifications for key personnel of personal information controllers or personal information processors, such as their Data Protection Officer or Compliance Officer for Privacy. However, it is considered best practice across jurisdictions for organizations to properly equip their personnel with appropriate training that enables them to fulfill their specific roles and functions. Some international certifications or trainings commonly considered for this purpose include:
While not explicitly required, certifications and/or accreditations allow for a more efficient verification and monitoring process on the part of the Commission.
All content is in the public domain unless otherwise stated.