LATEST UPDATES
Privacy Chief Invites LGUs to Host Personal Data Privacy Compliance Seminars and Workshops
March 1, 2023
The National Privacy Commission (NPC), in coordination with the Department of the Interior and Local Government (DILG), invites all Provincial Governors, City and Municipal Mayors, and others concerned to host personal data privacy compliance seminars and workshops in their respective local government units (LGUs). One of the key thrusts of the NPC is to equip […]
READ MORE
Data privacy seminar for the insurance industry
February 16, 2023
In collaboration with Pru Life UK and FinTech Alliance PH, the National Privacy Commission (NPC) invites the members of the insurance industry to join the data privacy seminar on February 23, 2023 from 9:00 AM to 5:00 PM at the Marquis Events Place, Bonifacio Global Street, Taguig City. In this seminar entitled “Privacy Matters in […]
READ MORE NPC launches online registration system for data processing systems
February 3, 2023
PASAY CITY – The National Privacy Commission (NPC) launched its online registration system today February 3, 2023. The NPC Registration System (NPCRS) is an online platform that provides a secure and seamless portal for both government and private organizations to register their data processing systems with the Commission. It is the latest system developed and […]
READ MORE
NPC conducts on-site visits among telcos to check compliance with DPA while implementing SIM Registration Act
January 16, 2023
January 13, 2023, METRO MANILA — The National Privacy Commission (NPC), through its Compliance and Monitoring Division conducts simultaneous Compliance Check On-site Visits to the head offices of telecommunication companies, such as Smart Communications, Globe Telecom, and Dito Telecommunity to ensure that they are implementing appropriate security measures to protect the personal data of Filipinos […]
READ MORE
NPC amends Circular on the processing of personal data for loan-related transactions
January 4, 2023
The National Privacy Commission (NPC) has amended certain provisions of its NPC Circular No. 2020-01 providing for the guidelines on the processing of personal data for loanrelated transactions which was published on September 14, 2020. Under NPC Circular No. 2022-02, the amendments cover the processing of personal data for evaluating loan applications, granting loans, collection […]
READ MORE NPC gathered Telcos to address data privacy concerns on the SIM Registration Act
December 30, 2022
The National Privacy Commission (NPC) convened with Telecommunications Companies (Telcos) on 29 December 2022, specifically to address the public’s data privacy concerns in relation to the effectivity of Republic Act No. 11934 also known as the “Subscriber Identity Module (SIM) Registration Act.” The registration officially commenced on 27 December 2022 wherein it gathered various concerns […]
READ MORE
STATEMENT OF PRIVACY COMMISSIONER JOHN HENRY NAGA ON SELFIE VERIFICATION IN SIM CARD REGISTRATION
December 29, 2022
In performing their responsibilities under the Subscriber Identity Module (SIM) Card Registration Act, Public Telecommunications Entities (PTEs) are reminded of their obligation to process our citizens’ personal data in accordance with the Data Privacy Act of 2012. Thus, as an additional layer of protection against fraud and identity theft, the processing involved in selfie verification […]
READ MORE
NPC conducts the 2022 DP Council Election to ensure continuous sectoral engagement and compliance with the DPA
December 29, 2022
PASAY CITY — The National Privacy Commission (NPC) held the 2022 Data Privacy (DP) Council Election last 22 December 2022 to ensure continuous sectoral engagement and proper coordination towards the effective compliance with the Data Privacy Act (DPA) of 2012. One representative and one vice-representative was elected into the DP Council from the following identified […]
READ MORE
NPC, CICC sign MOA to thwart the use of ICT for data breaches and cybercrimes
December 12, 2022
PASAY CITY —- The National Privacy Commission (NPC) and the Cybercrime Investigation and Coordinating Center (CICC) jointly signed a Memorandum of Agreement (MOA) to synergize their efforts in combating and preventing the use of information and communication technology (ICT) for criminal and unauthorized purposes. The agreement was signed on December 9, 2022. The joint signing […]
READ MORE Notice of Public Hearing
November 14, 2022
Concerned organizations, stakeholders, and other interested parties are invited to submit their valuable inputs regarding the draft new registration circular to be adopted by the National Privacy Commission. Please see attached NPC Circular for reference. Click here Please see attached Regulatory Impact Statement. Click here This Circular aims to replace NPC Circular 17-01, which, together […]
READ MORE Announcement regarding the submission of Personal Data Breach Notifications (PDBN) and Annual Security Incident Reports (ASIR)
October 14, 2022
All Personal Data Breach Notifications (PDBN) and Annual Security Incident Reports (ASIR) shall be submitted through the Data Breach Notification Management System (DBNMS) online platform (https//dbnms.privacy.gov.ph). Submissions through email, personal filing, ordinary mail, licensed courier service, and any other mode of physical submission shall NOT be considered as valid. The deadline for the submission of […]
READ MORE Press Statement of NPC on the SIM Card Registration Bill
October 10, 2022
The National Privacy Commission (NPC) supports the intention of the SIM Card Registration Bill to prevent the proliferation of various and evolving electronic communicationaided criminal activities. The NPC is fully aware that implementing a SIM card registration system will entail a massive collection of personal data. Hence, there is a strong need to develop a […]
READ MORE
PH, Singapore renew stronger ties in personal data protection
September 15, 2022
The Philippines and Singapore renewed their commitment to deepen their ties in personal data protection. In a Memorandum of Understanding (MOU) signed on September 7, 2022 by Privacy Commissioner John Henry D. Naga of the National Privacy Commission (NPC) and Commissioner Lew Chuen Hong of Singapore’s Personal Data Protection Commission (PDPC), the two countries reaffirmed […]
READ MORE
National Privacy Commission issues an Order to Telcos to cooperate on investigation of smishing attacks
September 9, 2022
Pasay City, September 8, 2022 —-The National Privacy Commission (NPC) orders telecommunication service providers, Globe Telecom Inc., Smart Communications Inc., and DITO Telecommunity, to submit a comprehensive audit report which shall include an examination of their respective distributor frameworks for their Subscriber Identity Modules (SIM cards) used in smishing messages that contain the names of […]
READ MORE Statement of the National Privacy Commission on Targeted Smishing Messages
September 8, 2022
The result of the initial investigation of the National Privacy Commission (NPC) shows that data aggregators are unlikely to be the source of the recent wave of targeted smishing messages that specify the recipient’s name. The NPC, through its Complaints and Investigation Division, has observed from the smishing reports it received, that the smishing messages […]
READ MORE Statement of Privacy Commissioner John Henry Naga on unsolicited text messages containing users’ names
September 2, 2022
The National Privacy Commission (NPC) is monitoring and investigating the proliferation of unsolicited text messages (texts) from anonymous numbers, with some containing the receiver’s names. The NPC held a meeting with telecommunications providers today, 01 September 2022, where the participants committed to intensify their technological and security safeguards, including the blocking of numbers to curb […]
READ MORE Statement of the National Privacy Commission on the effectivity of its Circular on Administrative Fines
August 27, 2022
The National Privacy Commission’s (NPC) Circular No. 2022-01 — Guidelines on Administrative Fines for data privacy infractions, published last August 12, 2022, takes effect today, August 27, 2022. The NPC demands the full cooperation and compliance of personal information controllers (PICs) and personal information processors (PIPs) in the implementation of the Circular. The NPC believes […]
READ MORE NPC issues Circular on Administrative Fines for data privacy infractions
August 12, 2022
PASAY CITY, August 12, 2022 — The National Privacy Commission (NPC) issues the Circular on Administrative Fines for data privacy infractions committed by personal information controllers (PICs) and personal information processors (PIPs). NPC Circular No. 2022-01 (Circular) on the Guidelines on Administrative Fines recognizes that it is essential for the public interest to impose administrative […]
READ MORE
NPC received an “unqualified audit opinion” from COA
July 18, 2022
The National Privacy Commission (NPC) has received an unmodified opinion (also referred to as unqualified opinion) from the Commission on Audit (COA) for the fair presentation of its financial statements for the Calendar Year 2021. The audit was conducted in accordance with the International Standards of Supreme Audit Institutions and covered the review of accounts […]
READ MORE NOTICE OF PUBLIC HEARING
July 18, 2022
NOTICE OF PUBLIC HEARING Concerned organization, stakeholders, and other interested parties are invited to submit their comments/suggestions/opinions and other valuable inputs regarding the draft new registration circular to be adopted by the National Privacy Commission. Please see attached NPC Circular for reference. click here This Circular aims to replace NPC Circular 17-01, which, together with […]
READ MORE PAW 2022: Data privacy awareness advances culture of privacy in PH
June 10, 2022
Data privacy awareness, as a crucial part of creating a culture of privacy in the Philippines, sits at the forefront of this year’s Privacy Awareness Week (PAW) celebration. Pursuant to Presidential Proclamation No. 527 signed by President Rodrigo Roa Duterte in 2018, PAW is annually celebrated every last week of May. The two-day conference held […]
READ MORE PAW 2022: NPC awards outstanding data privacy practices in public, private sectors
June 7, 2022
Outstanding data privacy practices in both public and private sectors are recognized during the 5th National Data Privacy Conference, in celebration of the Privacy Awareness Week (PAW) for the year 2022. Through the PAW Awards, a subtheme of this year’s PAW conference, the National Privacy Commission (NPC) honored the efforts of personal information controllers (PICs), […]
READ MORE
PH to support establishing an international certification system promoting interoperability among different data protection frameworks
May 12, 2022
Member economies of the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) System, including the Philippines, declared the establishment of the Global CBPR Forum to foster interoperability among different regulatory approaches to data privacy and protection. In its Declaration, the Global CBPR Forum stated that it intends to establish an international certification system based on […]
READ MORE
NPC conducts on-site compliance checks to determine level of compliance with the DPA
May 5, 2022
The National Privacy Commission (NPC) is conducting on-site compliance check visits to personal information controllers (PICs) and personal information processors (PIPs), to verify compliance documents submitted and determine whether there are substantial findings of non-compliance with the Data Privacy Act of 2012 and NPC’s issuances. On-site visits are being conducted by the NPC’s Compliance and […]
READ MORE
NPC launches user-friendly online system for faster and easier data breach notification management and reporting
April 21, 2022
On April 20, 2022, the National Privacy Commission (NPC) held its virtual launching of the Data Breach Notification Management System (DBNMS), a user-friendly interface that facilitates easy tracking and faster submission of Personal Data Breach Notifications and Annual Security Incident Reports. The DBNMS is a standardized and automated system, making it easier for personal information […]
READ MORE Global Cross-Border Privacy Rules (CBPR) Declaration
April 21, 2022
Canada, Japan, the Republic of Korea, the Philippines, Singapore, Chinese Taipei, and the United States of America, as current economies participating in the APEC CBPR System, Recognising that growing Internet connectivity and the digitisation of the global economy have resulted in the rapid increase in the collection, use, and transfer of data across borders, a […]
READ MORE
NPC presents the revised draft Circular on Administrative Fines for data privacy violators
March 25, 2022
The National Privacy Commission (NPC) conducted an online public hearing on March 22, 2022, where the updated draft Circular on Administrative Fines was presented before its stakeholders. The updated draft includes consolidated comments from previous hearings which started last April 2021. In consideration of the comments from the public, the NPC revised the scope to […]
READ MORE Guidelines on the Lawful Processing of Personal and/or Sensitive Personal Information Based on Consent, Contract and/or Legitimate Interests
March 25, 2022
The Data Privacy Act of 2012 (DPA) mandates the National Privacy Commission (NPC) to monitor the country’s compliance with international standards for data protection. Pursuant to this mandate, the NPC is currently crafting guidelines for the processing of personal and sensitive personal information based on Consent, Contract, and Legitimate Interests (Guidelines). NPC wants to hear […]
READ MORE NPC welcomes newly appointed Deputy Commissioner and Directors for Data Security and Privacy Policy
March 16, 2022
Malacañan appointed a private lawyer and former Dapitan City Councilor Atty. Dug Christopher B. Mah as the new Deputy Privacy Commissioner of the National Privacy Commission (NPC), effective March 2022. The NPC also welcomed newly appointed Directors, Atty. Franklin Anthony Tabaquin IV for the Privacy Policy Office and Atty. Aubin Arn Nieva for Data Security […]
READ MORE
Announcement regarding validity of existing Certificate of Registration, revised process on new application, renewal, and amendment of registration, and guidelines on common Data Protection Officers
March 4, 2022
A. DURATION OF THE VALIDITY OF CERTIFICATES OF REGISTRATION The Commission is extending the validity of ALL EXISTING Certificates of Registration (CORs) issued in the year 2021 from 08 March 2022 to 08 March 2023. For Certificates of Registration issued before 2021, PICs and PIPs are directed to RENEW their registration with the Commission. B. […]
READ MORE
Privacy Commission issues guidelines on evaluating requests for personal data of public officers including SALN
March 1, 2022
The National Privacy Commission (NPC) has issued guidelines on evaluating requests for personal data about public officers. NPC Advisory No. 2022-01 states that any disclosure of personal data shall observe the general privacy principles of transparency, legitimate purpose, and proportionality. Additionally, every government agency must be responsible for personal data under its control or custody. […]
READ MORE
NPC invites public to a symposium on data subject rights, scope of DPA in abusive practices of OLAs
February 21, 2022
The National Privacy Commission (NPC) invites the public to a virtual symposium on online lending to let them learn about their data privacy rights as borrowers, and the scope of the Data Privacy Act (DPA) in terms of unethical and abusive online lending practices. The online event is entitled “Ikaw at OLA: Talakayan ukol sa […]
READ MORE
NPC and PCC sign MOA to boost consumer and data privacy protection
February 10, 2022
On February 9, 2022, the National Privacy Commission (NPC) and the Philippine Competition Commission (PCC) jointly signed a Memorandum of Agreement (MOA) in order to foster cooperation and coordination between the two regulatory agencies. The MOA signing ceremony was held virtually and attended by NPC Privacy Commissioner John Henry D. Naga and PCC Chairperson Arsenio […]
READ MORE
NPC survey: PH now with heightened data privacy awareness & knowledge, driven by social media and TV
February 2, 2022
Based on a recent survey commissioned by the National Privacy Commission (NPC), public awareness and knowledge on the Data Privacy Act (DPA) grew from 13% in 2017 to 25% in 2021. However, most of those with internet access still lack awareness on internet security, with only 9% awareness of appropriate social media usage. The nationwide […]
READ MORE
NPC conducts separate clarificatory meetings with Manila Bulletin and the COMELEC
January 28, 2022
The National Privacy Commission (NPC) conducted separate clarificatory meetings on January 25, 2022 with representatives from the Commission on Elections (COMELEC) and Manila Bulletin regarding the alleged hacking and data breach involving COMELEC servers. COMELEC denied that the database of overseas voters was compromised and clarified that a list of overseas voters is made publicly […]
READ MORE NPC PHE Bulletin No. 22 Processing of Household Vaccination Information by Local Government Units
January 17, 2022
The National Privacy Commission (NPC) received concerns on the collection of vaccination information by the local government units (LGUs), specifically the barangays, as directed by the Department of the Interior and Local Government (DILG). We understand from various news reports and media interviews that the DILG ordered barangays to submit their respective lists of unvaccinated […]
READ MORE Statement of Privacy Commissioner Naga on alleged COMELEC hack and data breach
January 12, 2022
The National Privacy Commission (NPC) issued separate orders to the Commission on Elections (COMELEC), Mr. Art Samaniego Jr., and Manila Bulletin to appear for a clarificatory meeting via teleconference on January 25, 2022 on the alleged hacking and data breach incident involving the COMELEC servers. On January 8, 2022, the NPC received information from Mr. […]
READ MORE
Court of Appeals upholds the Decision of the National Privacy Commission
January 11, 2022
On December 14 2021, the Court of Appeals (CA) Sixteenth Division issued a Decision denying the petition for review filed by Pieceland Corporation (Pieceland) and upholding the ruling of the National Privacy Commission (NPC) in NPC Case No. 19-528 (Pieceland Corporation v. Manila New Life Church Inc.). “The Commission welcomes the Decision of the appellate […]
READ MORE Statement of Privacy Commissioner John Henry D. Naga for the New Year 2022
December 31, 2021
As we enter another year, I encourage everyone to be one with the National Privacy Commission in championing the values of COURAGE, COMPASSION, AND INTEGRITY. The internet is rife with cybercriminals taking advantage of users all year round. I urge organizations and individuals to constantly look out for and devise ways to lessen, if not […]
READ MORE
NPC gets ISO certification
December 31, 2021
The National Privacy Commission (NPC) has been recommended to International Organization for Standardization (ISO) 9001:2015 certification. The ISO certifying body made the recommendation after two (2) audit stages were undertaken on December 13 and 20, 2021, respectively. ISO 9001:2015 is an international standard dedicated to a quality management system based on the principles of customer […]
READ MORE
Privacy Commissioner John Henry Naga’s statement on possible personal data breach in recent BDO hacking
December 23, 2021
The National Privacy Commission (NPC) is investigating the possible personal data breach involving unauthorized transactions and potential unauthorized processing of personal data resulting from the suspected compromise of multiple BDO Unibank, Inc. (BDO) accounts. As early as December 11, 2021, the NPC’s Complaints and Investigation Division has commenced the investigation of this serious security incident […]
READ MORE Palace appoints new PH privacy commissioner
December 17, 2021
Malacañang has appointed Atty. John Henry Du Naga as the new privacy commissioner of the National Privacy Commission (NPC), effective December 14, 2021, for a term of three years. Incoming Commissioner Naga will succeed Privacy Commissioner Raymund Enriquez Liboro, whom the former worked with as Deputy Privacy Commissioner. Commissioner Liboro congratulated his erstwhile deputy for […]
READ MORE NPC sees benefits from privacy-protected SIM-card registration (Statement of Privacy Commissioner Raymund E. Liboro)
December 10, 2021
The Philippines may harness the benefits of the proposed SIM-Card Registration Act by enabling SMEs engaged in e-commerce and engendering consumer trust in a fastgrowing identity-linked digital services society. The recent approval of the bill in the House of Representatives came at a time of rapid digitalization during the pandemic that resulted in the Filipinos’ […]
READ MORE
Interagency group vows to catch scammers behind smishing, text spams
December 6, 2021
Ten government agencies, including the Bangko Sentral ng Pilipinas (BSP) and Department of Justice (DOJ), have joined efforts to catch those behind the epidemic of smishing and text spams luring Filipinos into spurious investment schemes and work from-home jobs. “We desire to assist victims of cybercrime to the fullest and … bring the culprits to […]
READ MORE
NPC probes telcos, bank and payment platform on smishing; inter-agency body formed to go after scammers
December 1, 2021
The National Privacy Commission (NPC) has formally launched an investigation into whether telcos exercised due diligence and accountability in transacting with data aggregators linked to the sending of texts offering spurious jobs and investment schemes to millions of Filipinos. On Monday, the NPC sent Globe Telecom, Inc., Smart Communications, Inc. and Dito Telecommunity Corp. orders […]
READ MORE Online safety of children takes center stage in NPC’s Kabataang Digital
November 25, 2021
The National Privacy Commission (NPC) will hold the Kabataang Digital, its advocacy campaign that promotes online safety for children, on November 25, 2021. Under the slogan “Matalino, Mapagmatyag, at Mapanuri,” the annual young privacy advocates summit, in collaboration with the Department of Education (DepEd), is open to all students, educators, and parents. Kabataang Digital officially […]
READ MORE Statement of NPC on S&R data breach
November 24, 2021
The National Privacy Commission (NPC) received an initial breach notification report on November 15, 2021, 4:47 PM, from S&R Membership Shopping in relation to a cyber-attack that may have compromised its members’ contact information. The S&R said that it discovered the security incident last November 14, 2021. The company has then submitted an supplemental breach […]
READ MORE
NPC: GLOBAL SYNDICATE BEHIND SCAM TEXT SURGE; SUMMONS TELCOS, BANKS AND E-COMMERCE PLATFORMS
November 23, 2021
The National Privacy Commission (NPC) has summoned the data protection officers of Globe Telecom, Smart Communications, Dito Telecommunity, Lazada, Shopee and several banks to report on their spam prevention measures and further steps to combat the recent surge of scam texts that have been soliciting and misusing personal information. “We have summoned them to detail […]
READ MORE
NPC launches Ph Privacy Trust Mark to add value to business, boost trust in cross-border data transfers
November 11, 2021
The National Privacy Commission (NPC) launched today the Philippine Privacy Trust Mark (PPTM), which aims to increase trust and confidence in businesses and public offices as the mark offers the highest level of assurance on data privacy compliance and secure cross-border data transfers. “Our launch today of PPTM comes at an opportune time as we […]
READ MORE
NPC recognizes importance of complying with COA rules to promote transparency, good governance
November 8, 2021
In recognizing the importance of complying with Commission on Audit (COA) rules and regulations, the National Privacy Commission (NPC) held an online entrance conference with COA last month. The conference marked the official start of COA’s review of NPC’s accounts and transactions for calendar year 2021. The NPC reiterated that public funds must be spent […]
READ MORE
NPC leads creation of new global working group on “data sharing for the public good”
November 3, 2021
The National Privacy Commission (NPC) is leading the formation of a new working group under the Global Privacy Assembly (GPA) aimed at gathering and promoting data-sharing best practices to guide governments and regulators toward a post-pandemic economic recovery. “The new working group will focus on identifying practical approaches on how personal data can be shared […]
READ MORE Privacy Commissioner’s statement on invoking data privacy in the refusal to comply with subpoenas
October 21, 2021
We would like to reiterate that the Data Privacy Act of 2012 (DPA) does not prohibit the disclosure of personal or sensitive personal information (collectively, personal data) when necessary for purposes of complying with validly issued subpoenas by government investigating bodies. Data privacy rights should not be cited as an excuse to evade legal proceedings. […]
READ MORE
NPC launches trainers’ training to expand ranks of data privacy experts
October 20, 2021
The National Privacy Commission (NPC) has launched its Training the Trainers Program (T3), accrediting ten institutional privacy trainers and three individual accredited privacy trainers to develop more data privacy experts and nurture a culture of privacy across the country. “T3 will scale the number of trainings that can be administered, and it will promote a […]
READ MORE
Privacy Commission launches open call for accountability agent applicants for APEC cross-border privacy rules system
October 15, 2021
The National Privacy Commission (NPC) invites companies and organizations to apply for accreditation as an Accountability Agent for the APEC (Asia-Pacific Economic Cooperation) Cross-Border Privacy Rules (CBPR) System. The APEC CBPR System is voluntary and accountability-based, and facilitates data flows that respect privacy among APEC-member economies. The system requires organizations to develop and implement privacy […]
READ MORE
App and software developers learn importance of data privacy by design at NPC forum
October 14, 2021
Over 500 software and mobile app developers from local governments and the private sector learned the importance of adopting data privacy principles in all stages of their product development and business management processes at a privacy-by-design webinar that National Privacy Commission (NPC) conducted on Sept. 27. Kevin Shepherdson, a founder of Singapore-based privacy specialist firm […]
READ MORE
NPC reminds companies giving vaccine rewards to get consent
October 12, 2021
The National Privacy Commission (NPC) has reminded all personal information controllers (PICs) to get vaccinees’ free and informed consent before using any personal information in their COVID-19 vaccination cards for promos, raffles, or discounts. The agency recently issued NPC PHE Bulletin No. 20 in light of reports of collection of copies of COVID-19 vaccination cards […]
READ MORE NPC PHE Bulletin No. 21 Preventive Data Privacy Practices Against Smishing
October 7, 2021
The National Privacy Commission (NPC) has received reports of smishing where mobile users received unsolicited SMS messages allegedly due to the contact information they provided in COVID-19 contact tracing and health declaration forms. The contents of these unsolicited messages reportedly include links that redirect to legitimate looking but fraudulent sites when clicked. These sites may […]
READ MORE
Statement of Privacy Commissioner Raymund Liboro on the Implementation of Mobile Number Portability Law
October 1, 2021
The National Privacy Commission (NPC) welcomes the implementation of the Mobile Number Portability Act (MNPA). Data portability is a data subject right enshrined in Section 18 of the Data Privacy Act (DPA). Allowing mobile postpaid or prepaid subscribers to retain their existing mobile number despite switching between different mobile service providers gives data subjects control […]
READ MORE
COVID-19 software developers invited to NPC data privacy assembly
September 23, 2021
The National Privacy Commission (NPC) has invited COVID-19 contact-tracing application developers to a data privacy summit for the technology sector scheduled for September 27. More than 300 software developers are expected to attend the event, dubbed “DPO 24: The Data Protection Officers’ Assembly for the Technology Sector,” via MS Live Events. The event is open […]
READ MORE NPC PHE Bulletin No. 20 Processing of vaccination cards for promos, raffles, or discounts
September 16, 2021
The National Privacy Commission (NPC) received concerns about the collection of copies of COVID-19 vaccination cards by certain delivery companies, which are also personal information controllers (PICs), wishing to reward vaccinated individuals by offering them promos, raffles, or discounts. We laud these gestures as part of the ongoing initiative to encourage all eligible individuals to […]
READ MORE Joint press statement of the National Privacy Commission, Fintech Alliance.PH, Philippine Finance Association, and the non-bank financing sector against illegal practices of online lending apps
September 15, 2021
The National Privacy Commission (NPC) is ardent in promoting the ethical and responsible treatment of the citizens’ personal data. We, along with the Philippine Finance Association members, the Fintech Alliance.ph members, and the non-bank financing institutions, strongly condemn the practice of some online lending platforms in harvesting excessive information without legitimate purpose through the use […]
READ MORE
NPC invites online lending operators for a symposium on data privacy compliance and legitimate lending practices
September 3, 2021
The National Privacy Commission (NPC) invites the non-bank financial institutions (NBFI) sector, including the operators of online lending applications (OLAs), for an online symposium on Data Privacy Act (DPA) compliance and legitimate lending practices in relation to DPA after the Commission’s order to immediately take down four OLAs (JuanHand, Pesopop, CashJeep, and Lemon Loan), as […]
READ MORE
Google takes down apps on orders of NPC
September 1, 2021
Following orders from the National Privacy Commission (NPC) to take down JuanHand, Pesopop, CashJeep, and Lemon Loan, the four online lending apps (OLAs) no longer appear and are now unavailable for download from the Google Play Store. The NPC has furnished copies to Google LLC to remove them from Google Play Store for posing serious […]
READ MORE
Privacy Commission orders immediate takedown of four online lending apps
August 25, 2021
The National Privacy Commission (NPC) has ordered the immediate takedown of four online lending apps (OLAs), JuanHand, Pesopop, CashJeep, and Lemon Loan to protect the data privacy rights of borrowers. These apps have been the subject of various complaints of unauthorized use of personal data that resulted in harassment and shaming of borrowers and are […]
READ MORE
Online sellers told to protect customers’ personal data from unauthorized disclosure and improper disposal
August 12, 2021
The National Privacy Commission (NPC) is warning all online merchants or sellers against the unauthorized disclosure/processing and improper disposal of their customers’ personal data, which are prohibited acts under the Data Privacy Act of 2012 (DPA). Instances of alleged bogus online sellers in Cebu have been brought to the attention of the Commission. These online […]
READ MORE PROPOSED SUSPENSION OF THE PROVISIONS OF THE DATA PRIVACY ACT OF 2012 FOR CONTACT TRACING
August 6, 2021
READ MORE
NPC pushes adoption of international data protection standards on security techniques
August 4, 2021
The National Privacy Commission (NPC) is pushing for the adoption of international data protection standards on security techniques among organizations. These techniques cover privacy framework, implementation of data protection controls, management of identity information, and guidelines for privacy impact assessment. NPC’s Data Security and Compliance Office issued advisories on the adoption of a set of […]
READ MORE
NPC emphasizes privacy protection in anti-fraud data sharing initiatives of the financial industry
July 27, 2021
Anti-fraud data sharing initiatives of the financial services industry must eliminate potential risks on the personal data of data subjects. Advisory Opinion No. 2021-026 issued by the National Privacy Commission (NPC) guides personal information controllers in protecting the privacy of shared databases through strict adherence to the basic data privacy principles of transparency, legitimate purpose, […]
READ MORE
Privacy Commission issues cease-and-desist order to online political survey platform
July 12, 2021
Beware of a website that requires voters to give their full name, complete address, and mobile phone number so they can take part in a survey supposedly aimed at gauging the public pulse in the runup to the 2022 national elections. The National Privacy Commission (NPC) has issued a cease-and-desist order (CDO) to the website […]
READ MORE
NPC’s new initiative on ASEAN cross-border tools to boost PH digital competitiveness
July 7, 2021
The National Privacy Commission (NPC) has issued its first guidance on the adoption of tools which harmonize data management and cross-border transfer standards across the Association of Southeast Asian Nations (ASEAN), a move that will help Philippine businesses unlock more gains in the fast expanding digital economy across the ASEAN. These tools, namely the Model […]
READ MORE
A Stronger Data Privacy Law Sought in Proposed Amendments
June 25, 2021
Amendments to Republic Act No. 10173, known as the Data Privacy Act of 2012 (DPA), are sought to strengthen the current law amid the digital transformation in the Philippines. During the 55th Asia Pacific Privacy Authorities (APPA) Forum, Privacy Commissioner Raymund Enriquez Liboro said that the House of Representatives – Committee on Information and Communications […]
READ MORE National Privacy Commission urges developers of Instant Messaging Apps to limit the grant of application permissions for users
June 25, 2021
During this time that we are endeavoring to survive and recover from the COVID-19 pandemic, Instant Messaging (IM) applications currently play an important role in our daily lives to adapt with the restrictions limiting physical interactions. As a result, the concerns of the citizenry on how private and secure these apps emanate from their fear […]
READ MORE
NPC to collaborate with CICC to strengthen its Digital Forensic Laboratory
June 24, 2021
PASAY CITY — On June 23, 2021, the National Privacy Commission (NPC) signed a Memorandum of Agreement (MOA) with the Cybercrime Investigation and Coordinating Center (CICC). This collaboration aims to further enhance the capacity of NPC’s personnel in the conduct of digital investigation and forensics. This is in recognition of the significant synergies and complementarity […]
READ MORE
NPC highlights data controllers’ prominent role in digital growth, economic recovery
May 31, 2021
Privacy Commissioner Raymund E. Liboro called on businesses and organizations to step up efforts in adopting personal data protection principles and strategies, citing the economic and global opportunities that await those who commit to safeguarding their customers’ privacy to the highest standards. “An incentive for your companies is recognition for excellence for achieving a higher […]
READ MORE
NPC’s ACE training to help gov’t officials develop data privacy codes of conduct
May 26, 2021
The National Privacy Commission (NPC) is set to hold a Data Protection Officer Accountability, Compliance, and Ethics Certification Program (DPO ACE) on May 26, 2021 to bolster government officials’ capacity in developing data privacy codes of conduct. The DPO ACE is one of the annual activities being conducted during Privacy Awareness Week (PAW), which is […]
READ MORE
NPC is set to impose administrative fines
May 13, 2021
The National Privacy Commission (NPC) is set to impose administrative fines on data privacy violations of personal information controllers or processors from the private sector. A separate initiative for government agencies is also underway with the NPC holding consultations with the Civil Service Commission. The NPC presented the draft circular on the guidelines on administrative […]
READ MORE NPC PHE Bulletin No. 19: Personal data processing for the COVID-19 vaccination program
May 1, 2021
The National Privacy Commission (NPC) received various reports on the harmful data collection practices apparently for the vaccination program of the government. For instance, senior citizens were required by a personnel of a local government unit (LGU) to submit their personal data through the comments section of a social media platform if they wish to […]
READ MORE
PALACE APPOINTS FORMER DICT ASSISTANT SECRETARY AS NPC EXECUTIVE DIRECTOR
April 30, 2021
Malacañang appoints former Department of Information and Communications Technology (DICT) Assistant Secretary Atty. Ivin Ronald D.M. Alzona as the new Executive Director (ED) of the National Privacy Commission (NPC), effective April 2021. In the oath-taking ceremony on April 8, Privacy Commissioner Raymund Liboro, welcomed Alzona and his team in confidence to what he described as […]
READ MORE
Stop Profiling and Red Tagging Pandemic Heroes
April 22, 2021
The National Privacy Commission denounces in the strongest terms any act of unjust profiling of community pantry organizers whom we consider heroes of this pandemic as this may violate their right to privacy. We have always been firm in our stand that unjust profiling activities are unwelcome due to the risks it entails to our […]
READ MORE
On the Alleged Profiling of Community Pantry Organizers
April 20, 2021
While more people set up community pantries in the spirit of bayanihan, it has come to our attention that there were concerns over alleged profiling of organizers of these initiatives. Individuals were purportedly asked to provide personal data including their email address, Facebook account name, family background, among others. We would like to emphasize that […]
READ MORE
Using COVID-19 health data as travel requirement calls for ‘privacy by design’ approach
April 16, 2021
The Global Privacy Assembly (GPA) is urging government and organizations around the globe to embed a privacy by design approach in using COVID-19 health data as a travel requirement amid the pandemic. In a statement submitted to the executive committee of the GPA by COVID-19 Working Group Chair Raymund Liboro of the National Privacy Commission, […]
READ MORE
NPC PHE Bulletin No. 18: Online Raffles and Other Games of Chance: Ensuring Proper Safeguards in the Collection of Personal Data
April 11, 2021
As the country struggles with the pandemic and the limitations forced by the community quarantine, some enterprising businesses and organizations have offered to help individuals and families in need. From recent reports, this comes in the form of online raffles and other games of chance, where cash and/or livelihood assistance can be won instantly. The […]
READ MORE
Practice Transparency with Responsibility when Posting SAP Beneficiaries on Social Media
April 8, 2021
The National Privacy Commission is urging local government authorities to practice transparency with responsibility when posting the identities of the financial beneficiaries of the Social Amelioration Program (SAP) on social media. We understand that using social media platforms is a quick and accessible method to reach the public and uploading the list of SAP beneficiaries […]
READ MORE
NPC INVESTIGATING ALLEGED LARGE-SCALE FACEBOOK BREACH
April 5, 2021
The National Privacy Commission (NPC) is currently validating information that says 879,699 Facebook accounts of Filipino netizens allegedly are compromised as part of the large-scale breach affecting 533 million global users in the social media platform. Initial information shows that the data leaked includes phone numbers, full names, location, e-mail addresses, and biographical information of […]
READ MORE
Unified contact tracing app a welcome development says the Privacy Commissioner
March 30, 2021
Throughout this pandemic, we at the National Privacy Commission (NPC) maintained that privacy should be considered in government interventions that make use of personal data. When the government collects the personal data of our citizenry, we owe to them a solemn covenant to protect their personal data, and ensure that we will not use their […]
READ MORE
eRehistro: Certificate of Registration and User Credentials Frequently Asked Questions (FAQs)
March 22, 2021
Dahil maspinadali naming ang registration process, madali ka lang din makakuha ng Certificate of Registration! Narito ang iba pang detalye tungkol sa Certificate of Registration at user credentials sa eRehistro. Ano ang dapat asahan pagkatapos makagawa ng account sa eRehistro? Kapag nakagawa ka na ng account sa eRehistro, kailangang kumpletuhin ang mga detalye sa pagrehistro. […]
READ MORE
Privacy Commissioner Raymund Liboro on PNP request to obtain lawyer list in Calbayog City
March 19, 2021
In light of the issue concerning the request of list of lawyers representing communist groups, the National Privacy Commission (NPC) reminds all government agencies as personal information controllers of their duties and responsibilities under the Data Privacy Act of 2012. While the NPC recognizes that there may be a presumption of regularity in the conduct […]
READ MORE
Privacy Commission commends local government’s latest push towards data privacy compliance
March 19, 2021
The National Privacy Commission (NPC) commends the Department of the Interior and Local Government (DILG) and local government units (LGUs) for its policy to appoint data protection officers (DPOs) as part of a push to set data privacy standards in the collection and processing of personal data. In a memorandum circular dated Jan. 14, 2021, […]
READ MORE
eRehistro: Account Creation and DPS Registration
March 17, 2021
Para sa EASY at CONVENIENT na pagregister sa platform, narito ang ilang mga bagay na dapat mong ihanda para sa pagregister sa eRehistro! Sino-sino ang mga kailangang magregister sa eRehistro? Ang mga bago at lumang rehistrong organisasyon at indibiduwal na nagpoproseso ng personal data, o ang tinatawag nating Personal Information Controllers (PICs) at Personal Information […]
READ MORE
eRehistro: NPC’s new registration and renewal platform
March 1, 2021
We’re making this registration season easier for you with the launch of NPC’s new registration and renewal platform! Narito ang ilang mga paunang detalye tungkol sa eRehistro: What is eRehistro? Ang eRehistro ay ang EC online registration system ng National Privacy Commission. Easy-to-use dahil sa simpleng interface at Convenient dahil maliban sa maaari kang magregister, […]
READ MORE
Update on Alleged Cashalo Data Breach
February 23, 2021
Amid recent reports on the alleged data breach on the cash-loaning application Cashalo, operated by Oriente Express Techsystem Corporation, the National Privacy Commission (NPC) did a preliminary probe on the data security issue. Initial findings show that huge amounts of personal data from Cashalo are being dumped and sold on different cyber forums since February […]
READ MORE
Online Lending Firm Found Criminally Liable for Violating Data Privacy Law
February 19, 2021
The National Privacy Commission (NPC) has recommended the prosecution of Fynamics Lending Inc., the operator of the PondoPeso online lending application which has reportedly been harassing and public-shaming delinquent borrowers, for violating the data privacy law. In a 40-page decision, the Commission chaired by Privacy Commissioner Raymund Enriquez Liboro determined the criminal liability of Fynamics […]
READ MORE
NPC Statement on Reported Selling of Cashalo Users’ Personal Data
February 19, 2021
It has come to the National Privacy Commission’s attention that client data from Cashalo is being reportedly sold on the dark web. Rest assured that the Commission has already started investigating this matter. However, to avoid jeopardizing the investigation process, we will refrain from giving further details as of the moment. We endeavor to determine […]
READ MORE
Privacy Commission’s updated online learning guidelines advise schools to enforce social media policy
February 16, 2021
Schools engaged in online learning are advised to strictly enforce a social media policy that reminds the possible data privacy consequences of posting screen captures, images, videos, chats, and sounds involving students and teachers during online learning on social media platforms. Such actions may have implications on data privacy and other related regulations, according to […]
READ MORE NPC PHE BULLETIN No. 17: Update on the Data Privacy Best Practices in Online Learning
February 16, 2021
As schools remain constrained to conduct blended learning in lieu of face-to-face classes due to the risks of the COVID-19 pandemic, various inquiries were received from stakeholders on the conduct of synchronous online classes and other related matters. The National Privacy Commission, in its continuing efforts to provide responsive advice and guidance, underscores the need […]
READ MORE
NPC Statement on WhatsApp Terms of Use (Updated)
January 21, 2021
The National Privacy Commission (NPC) has learned that the widely used WhatsApp messenger is set to change its privacy policy in a way that would allow the sharing of data with third-party companies hosted by its parent firm Facebook. The move, according to WhatsApp’s new privacy terms, is exclusively intended to expand the application as […]
READ MORE
Privacy Commission orders lender Familyhan to take down list online of 6,000 borrowers
January 19, 2021
The National Privacy Commission (NPC) has ordered Familyhan Credit Corp. to immediately stop processing the personal data of more than 6,000 borrowers following an investigation of complaints that the online lender has put at risk the privacy of the data subjects in violation of the Data Privacy Act of 2012 (DPA). The Commission also ordered […]
READ MORE
Privacy Commission firms up collaboration with UK counterpart in sharing best privacy practices
January 14, 2021
The National Privacy Commission (NPC) recently signed a memorandum of understanding (MoU) with its counterpart in the United Kingdom to formalize their partnership as bilateral partners, and ensure a robust data privacy environment while fostering innovation and business growth. Privacy Commissioner Raymund E. Liboro and UK’s Information Commissioner Elizabeth Denham signed the MoU in a […]
READ MORE
Privacy Commission summons operators of website that exposed car owners’ personal data
January 11, 2021
The National Privacy Commission (NPC) is extending the cease-and-desist order (CDO) on lisensya.info following the failure of its owners and operators to counter privacy violation allegations the Commission received late last year that the website had breached personal information of Land Transportation Office (LTO)-registered motorists. Google Safe Browsing recently detected phishing activities on lisensya.info. The […]
READ MORE
Developers of LGUs’ Contact-Tracing Apps Enjoined to Act as Privacy Watchers
November 20, 2020
Software teams developing COVID-19 contact-tracing apps for local government units (LGUs) are advised to incorporate a privacy-by-design (PbD) approach and allow users to opt in and out of digital contact tracing. The recommendations are provided by the Data Security and Compliance Office of the National Privacy Commission (NPC). The NPC is currently conducting compliance checks […]
READ MORE
Privacy Commission calls on entities using CCTV to establish its legitimate purpose
November 18, 2020
Entities that use closed-circuit television (CCTV) to monitor public and semi-public spaces must identify its legitimate purpose and consider its impact on the rights and freedoms of data subjects. The National Privacy Commission (NPC) issued Advisory No. 2020-04 on Nov. 16, to guide personal information controllers (PICs) and processors (PIPs) that process personal data through […]
READ MORE
Privacy Commission to probe lisensya.info for possible privacy violation
November 11, 2020
The National Privacy Commission (NPC) is conducting a probe of lisensya.info, a website that associated itself with the Land Transportation Office (LTO), to determine possible breach of personal information of LTO-registered motorists. A total of 12.725 million vehicles were registered with the LTO in 2019. “The NPC shall verify the incident and look into the […]
READ MORE
Privacy Commission issues advisory cautioning establishments against repurposing of collected data
October 29, 2020
The National Privacy Commission (NPC) has warned against the repurposing of collected personal data in client/visitor contact-tracing forms and employee health-declaration forms for direct marketing, profiling, or any other use or purpose beyond what is required for Covid-19 prevention and control. Repurposing personal data is punishable under the Data Privacy Act (DPA), the Commission said […]
READ MORE
PH chosen to lead new global working group to sustain data-privacy dialogue on Covid-19
October 27, 2020
The Global Privacy Assembly (GPA) has created a new working group that will build on the successes of the Covid-19 Task Force in influencing global policy discussions on data privacy during the pandemic, with the country represented by the National Privacy Commission (NPC) chosen to lead the efforts. “As the Task Force has concluded, the […]
READ MORE
Online lenders barred from harvesting borrowers’ phone and social-media contact list, says Privacy Commission
October 19, 2020
Lenders operating online apps that can be installed in smartphones are prohibited from harvesting personal information, such as phone and social media contact lists, for harassing delinquent borrowers, the National Privacy Commission (NPC) said in a circular it published today, October 19. The Commission issued Circular No. 20-01 in response to numerous complaints that online […]
READ MORE
NPC holds first ever Health Privacy Forum to promote sector compliance
October 17, 2020
The National Privacy Commission (NPC) held on Oct. 15 a capacity-building webinar for data protection officers (DPOs) of the health sector to help them improve privacy and protection protocols. NPC’s first-ever Health Privacy Forum, which drew in almost 200 participants, was conducted in the wake of the Commission’s findings that the sector’s compliance with data […]
READ MORE
Privacy Commission probing reports against establishments over mishandling of contact tracing data
October 12, 2020
Several business establishments – from a mall, fast-food and drugstore chains, and supermarkets to a European fast-fashion retailer and a North American coffee shop franchisee – have been the subject of reports from citizens over mishandling and misuse of contact-tracing data, prompting the National Privacy Commission (NPC) to take steps in checking their compliance with […]
READ MORE
NPC, PCOO work toward government’s compliance with data privacy and freedom of info laws
October 8, 2020
The National Privacy Commission (NPC) and the Presidential Communications Operations Office (PCOO) will intensify assistance to government agencies for their proper enforcement and effective balancing of the Data Privacy Act and the executive order on Freedom of Information (FOI), two intertwining laws that have been reasserted at the recent Data Privacy and FOI Congress as […]
READ MORE
NPC PHE BULLETIN No. 16: Privacy Dos and Don’ts for Online Learning in Public K-12 Classes
October 1, 2020
As public K-12 classes nationwide are set to open in October, students, parents, guardians, teachers and schools would do well to heed guidelines on online learning that list dos and don’ts aimed at safeguarding sensitive personal information of pupils. Issued by the Data Privacy Council for the education sector and the National Privacy Commission (NPC), […]
READ MORE
Privacy Commission says suspending Data Privacy Act as recommended by business groups is counterproductive in curbing COVID-19 transmission
September 25, 2020
Science and medical ethics dictate that publicly naming COVID-infected individuals does not help in decreasing the transmission of infection and is counterproductive. The call to suspend the Data Privacy Act (DPA) is gross disregard for the expert opinions of epidemiologists and scientists around the world and the reality happening on the ground, especially in countries […]
READ MORE
Privacy Commission wants deeper probe of Facebook, tells social media giant to do more to protect users
September 24, 2020
We are initiating a deeper probe on Facebook’s proposed preventive actions regarding the proliferation of suspicious accounts as such activities on the platform continue to threaten the personal data privacy and other security-related rights of its Filipino users. According to Facebook, they “removed two separate networks for violating our policy against coordinated inauthentic behavior (CIB). […]
READ MORE
NPC, PCOO join hands in debunking myths on Data Privacy Act and Freedom of Information
September 21, 2020
How do you balance the right to privacy of individuals and freedom of information? The National Privacy Commission (NPC) and the Presidential Communications Operations Office (PCOO) are holding a joint virtual meeting tomorrow aimed at debunking myths surrounding the implementation of the Data Privacy Act (DPA) of 2012 and the Freedom of Information (FOI) Program. […]
READ MORE
Online Learning Guidelines Issued to Help Protect Student Privacy and Reduce Data Breaches in Schools
September 16, 2020
Before webcam-supported online discussions are recorded, schools must consider getting the consent of the parent or legal guardian of students below 18 years old, according to guidelines that a group of public and private universities and colleges across the country has issued. The presence of the parent or guardian during these recorded sessions must also […]
READ MORE
Contact Tracing Forms Must Collect Only What is Necessary
September 10, 2020
The National Privacy Commission (NPC) is discouraging the collection of signatures and other unnecessary personal information for contact-tracing forms and has called on businesses to work toward complying with data privacy standards. The statement comes in light of inquiries and information communicated to NPC that private establishments as well as some government agencies collect signatures […]
READ MORE
Statement of Privacy Commissioner Raymund Liboro on the PNP plan to monitor social media for quarantine violators
September 7, 2020
The plan by the Philippine National Police to scan social media for violators of quarantine protocols must recognize the data privacy rights of individuals.In keeping communities safe in this pandemic, leads and evidence gathered from social media and other digital tools to enforce the law must be legally obtained.By monitoring social media, the police must […]
READ MORE
COA’s auditing procedures not restricted by data privacy law, says Privacy Commission
August 29, 2020
The Data Privacy Act (DPA) does not obstruct the functions of public authorities.The DPA is not a restriction on the Commission on Audit (COA) gaining access to the personal information of data subjects collected by Philippine Health Corp. (PhilHealth).Personal data to be accessed shall be adequate, relevant, suitable, necessary, and not excessive in relation to […]
READ MORE
Transcending Regulatory Role: Data Privacy Authorities’ Massive Influence in Establishing Public Trust in a Crisis
August 28, 2020
Members and observers of the Global Privacy Assembly’s (GPA) COVID-19 Taskforce, which the National Privacy Commission (NPC) chairs, has tagged contact tracing as the biggest area of challenge for data regulators around the world, more so as economies gradually open up and more tracking efforts are launched. In his opening speech at the recent joint […]
READ MORE
DATA PRIVACY ACT is not a hindrance in contact tracing
August 11, 2020
Hospitals have the duty to disclose the necessary COVID patient details to LGU contact tracers following the DOH guidelines.COVID patients should be truthful in providing accurate personal details.In this pandemic, public health and data privacy are on the same side. The National Privacy Commission (NPC) reiterates that the Data Privacy Act (DPA) is not a […]
READ MORE
Privacy Commission limits disclosure of personal information in publication of decisions
August 6, 2020
To set privacy measures to a maximum and better ensure the safety of data subjects, the National Privacy Commission (NPC) will now pseudonymize their names in cases it publishes on its website. This is enforced through the Commission’s issuance in June of Advisory 2020 – 01 or the “Protocols for the Publication of Decisions, Resolutions […]
READ MORE Notice of Public Consultation for the Rules on the Issuance of Cease and Desist Order
August 5, 2020
Concerned organizations, stakeholders, and other interested parties are invited to submit their comments/suggestions/opinions and other valuable inputs regarding the Draft Rules on the Issuance of Cease and Desist Orders to be adopted by the National Privacy Commission. Download the Draft Rules on Issuance of Cease and Desist Order here. These Rules aim to outline the […]
READ MORE
Privacy Commission now allows e-hearings
August 5, 2020
The National Privacy Commission (NPC) has adopted videoconferencing to reduce the risks of coronavirus infections posed by face-to-face hearings. Advisory 2020 – 02 or the “Guidelines on the Use of Videoconferencing Technology for the Remote Appearance and Testimony of Parties Before the NPC” took effect on the day it was issued on 3 August. The […]
READ MORE
Data privacy leaders support President Duterte’s call for safer e-commerce, e-governance
July 28, 2020
Data privacy advocates in the public and private sectors, including those from the manufacturing, banking and BPO industries, have expressed support for President Duterte’s call for safer e-commerce and e-governance spaces in his fifth State of the Nation Address. “President Duterte’s thrust to protect consumers’ personal data, and enforce data protection and privacy laws will […]
READ MORE
Statement of Privacy Commissioner Raymund Enriquez Liboro on the disclosure of details surrounding BuCor’s COVID-19 cases
July 20, 2020
The Data Privacy Act is not a cloak for denying the public’s right to know. High-profile inmates like Jaybee Sebastian had become public figures on account of their previous association with particular national issues in the past. There is a justified public interest to release information like details surrounding the deaths from COVID-19 of these […]
READ MORE
Privacy Commission Pushes Restaurants, Barbershops, and Salons to Adopt Data Privacy Measures in Contact Tracing
July 9, 2020
The National Privacy Commission (NPC) reminded business establishments to take on data privacy and security measures, as prescribed by the Data Privacy Act (DPA) of 2012, as they conduct contact-tracing efforts. In NPC Bulletin 15 released yesterday, 8 July 2020, businesses, particularly restaurants, salons and barber shops, were told to collect only what is necessary. […]
READ MORE
NPC PHE Bulletin No. 15: Guidelines for Establishments on the Proper Handling of Customer and Visitor Information for Contact Tracing
July 8, 2020
Pursuant to DTI Memorandum Circular 20-28, s. 2020 (Guidelines to Follow on Minimum Health Protocols for Barbershops and Salons) and DTI Memorandum Circular 20-37, s. 2020 (Guidelines to Follow on Minimum Health Protocols for Dine-in Restaurants and Fastfood Establishments), establishments are required to implement contact tracing measures as one of the mandatory minimum requirements for […]
READ MORE NPC Extends Validity of Registration Until March 2021
June 30, 2020
The National Privacy Commission (NPC) is continuously making improvements in its online registration system. In light of the exigencies brought about by the COVID-19 pandemic, the NPC Registration System will be available on 4 January 2021. In this regard, the NPC is extending the validity of existing registrations of Personal Information Controllers (PICs) and Personal […]
READ MORE
NPC Initiates Code of Conduct to Guide Schools Amid Shift to Online Education
June 28, 2020
The National Privacy Commission (NPC) is working closely with various universities and colleges to create a Code of Conduct that will guide and enable school management, teachers, students and parents to cultivate a data privacy-conscious environment, especially as most activities are done online amid the quarantine. “The planned Code of Conduct will set the standard […]
READ MORE
Privacy Commissioner Liboro on FaceApp: Do Not Be Afraid Of New Technologies
June 25, 2020
Notable improvements in the application’s privacy policy The National Privacy Commission (NPC) has conducted an assessment of FaceApp, a mobile application that trended again on social media in the past week because of privacy concerns over its face-altering capability. Users have been uploading their selfies on FaceApp for entertainment purposes. Through facial recognition technology, the […]
READ MORE Privacy Commissioner Liboro urges schools to fortify information systems amid rising security incidents
June 18, 2020
The National Privacy Commission is looking into the reported security incidents sustained by prominent universities these past weeks.Amid the increase in personal data security incidents, we call on school officials to fortify their information systems.As schools shift to digital operations and virtual learning systems in the wake of the pandemic, they must prioritize the security […]
READ MORE
NPC PHE Bulletin No. 14: Updated Frequently Asked Questions (FAQs) Isinalin sa Wikang Tagalog
June 16, 2020
Inilalabas namin ang updated FAQs na ito bilang tugon sa mga isinangguni sa amin ng mga stakeholders ukol sa pag-iingat ng datos sa ilalim ng return-to-work at work-from-home na mga setup sa pagtatrabaho. Inaasahan na ang mga employer, nasa gobyerno man o pribadong sektor, ay responsable at may buong pananagutan sa pag-proseso ng personal na […]
READ MORE
Statement of Privacy Commissioner Raymund Enriquez Liboro on NPC’s upcoming meet w/ Facebook regarding impostor accounts
June 13, 2020
The National Privacy Commission has invited Facebook Philippines for a meeting on Tuesday, 16 June 2020, to seek more information regarding the numerous reports of impostor Facebook accounts.The Commission is currently coordinating with other government agencies, while conducting a separate investigation this matter.The National Privacy Commission is focused on probing the cause of the “privacy […]
READ MORE Statement of Privacy Commission Raymund Enriquez Liboro on the Reported Proliferation of “Impostor” Facebook Accounts
June 7, 2020
The National Privacy Commission is monitoring reports about the proliferation of alleged impostor Facebook accounts that have victimized Filipino data subjects. While the extent of these incidents is not yet fully determined at this time, we have been receiving reports from different sectors, mostly coming from academic institutions. We immediately brought this to the attention […]
READ MORE
NPC PHE Bulletin No. 14: Updated Frequently Asked Questions (FAQs)
June 5, 2020
We issue the following guidance and response to the updated FAQs raised by stakeholders’ concerns on returning-to-work and current work-from-home arrangements. We expect employers, whether in the government or the private sector, to process personal data responsibly and with accountability in order to address existing health threats brought by COVID-19. We also expect employees to […]
READ MORE
PH to lead global privacy taskforce on COVID-19
June 1, 2020
The National Privacy Commission (NPC) is leading the newly formed COVID-19 taskforce of the Global Privacy Assembly (GPA), instituted to guide 134 jurisdictions around the world in enabling effective government response to the pandemic while continuing to protect citizens’ personal data and privacy.Privacy Commissioner Raymund Enriquez Liboro commenced his chairmanship of the taskforce in an […]
READ MORE
PAW 2020: NPC calls for privacy boost amid quarantine easing
May 30, 2020
As the government gradually eases quarantine restrictions in the country, Filipino privacy professionals and advocates on Friday gathered virtually for the 3rd National Data Privacy Conference to discuss how organizations may best navigate the emerging new normal to ensure data subject trust remains intact. Speaking to some 2,000 online participants, many of whom are registered […]
READ MORE Official message from Privacy Commissioner Raymund Enriquez Liboro, regarding the reported hacking of PLDT’s Twitter account:
May 28, 2020
“The NPC has data breach notification protocols in place which we expect companies to follow. PLDT has a working data protection team that should be on top of its data breach response looking into this incident. We are awaiting their official report on the matter. And should this incident give rise to a real risk […]
READ MORE
NPC PHE Bulletin No. 13: Press Statement of Privacy Commissioner Raymund Eriquez Liboro on the collection of personal data to aid in contact tracing relevant to the COVID-19 response
May 21, 2020
The National Privacy Commission (NPC) recognizes the importance of effective contact tracing and a whole of government approach as a main public health intervention and strategy against COVID-19. Thus, the Commission is closely coordinating with the Department of Health (DOH) to ensure that its guidelines are consistent with the Data Privacy Act of 2012, the […]
READ MORE
NPC PHE Bulletin No. 12: Protecting Personal Data in a Work From Home Arrangement
May 15, 2020
As the Philippines was placed under varying levels of community quarantine to address the COVID-19 pandemic, organizations in the government and private sector implemented a work from home (WFH) setup, which is a type of telecommuting. Republic Act 11165 or the Telecommuting Act defines telecommuting as a “work arrangement that allows an employee in the […]
READ MORE
NPC PHE Bulletin No. 11: Joint Statement of the Department of Health (DOH) and National Privacy Commission (NPC) on Processing and Disclosure of COVID-19 Related Data
April 30, 2020
This joint statement is issued by the Department of Health and the National Privacy Commission in response to concerns raised by various stakeholders on the processing and disclosure of COVID-19 patient data, including those of COVID-19 suspect, probable, or confirmed patients. We uphold the Republic Act No. 11332 or the Mandatory Reporting of Notifiable Diseases […]
READ MORE
NPC PHE Bulletin No. 10: Proteksyon Laban sa Hindi Awtorisadong Pagbunyag sa Datos ng Pasyente
April 30, 2020
Sa mga nagdaang linggo, ang National Privacy Commission (NPC) ay nakatanggap ng breach notifications ukol sa posibleng unauthorized diclosure o hindi awtorisadong pagsiwalat ng sensitibong personal na impormasyon ng suspected, probable at confirmed na mga pasyenteng may COVID-19. Kasalukuyang sinisiyasat na ng NPC ang mga nasabing insidente, alinsunod sa Data Privacy Act. Upang maiwasan ang […]
READ MORE
NPC PHE BULLETIN No. 10: Protecting Patient Data from Unauthorized Disclosure
April 25, 2020
In recent weeks, the National Privacy Commission (NPC) has received several breach notifications which involve the possible unauthorized disclosure of sensitive personal information of suspect, probable and confirmed COVID-19 patients. The NPC is now looking into said breach incidents, in accordance with our internal procedures and in collaboration with concerned Personal Information Controllers (PICs), for […]
READ MORE
NPC PHE BULLETIN No. 9: NPC Supports DILG’s bid vs discrimination of COVID-19 frontliners
April 23, 2020
The National Privacy Commission supports the call of the Department of the Interior and Local Government on local government units to enact ordinances to safeguard COVID-19 frontline workers against acts of discrimination.Being a communicable disease, COVID-19 carries with it a stigma that brings out the worst in others. This stigma affects not just patients but […]
READ MORE
NPC PHE BULLETIN No. 8: On COVID-19 -related apps, digital tools and solutions in this time of pandemic
April 20, 2020
The National Privacy Commission (NPC) supports the successful use of digital technologies and the processing of personal data to enable health authorities contain the COVID-19 pandemic, in a manner that is effective and preserves and protects the data privacy rights of individuals.For COVD-19 related apps to be successful , these must be inclusive and trusted. […]
READ MORE
NPC issues ‘work from home’ guidelines to safeguard personal data
April 15, 2020
The National Privacy Commission (NPC) is instructing public and private organizations to ensure the protection of personal data as they implement a work from home (WFH) setup with their employees, which may likely stay on as part of the ‘new normal’ as the country continues to manage the COVID-19 crisis. In NPC PHE Bulletin No. […]
READ MORE
NPC PHE BULLETIN No. 7: Official Statement of the National Privacy Commission on Calls for Patients to Waive Privacy Rights, Publicly Disclose Health Status
April 6, 2020
Amid the public health crisis, we have been hearing calls from certain quarters for patients to temporarily set aside their data privacy rights, as though doing so makes for a robust weapon in overcoming this pandemic. In this war that is testing our humanity and values, it should be emphasized that protecting privacy rights is […]
READ MORE
NPC PHE BULLETIN No. 6: Collect the minimum necessary information in providing financial aid and other relief packages to those affected by the enhanced community quarantine
April 4, 2020
The National Privacy Commission (NPC) supports efforts by the national government to provide much-needed assistance to our people in these extraordinary times. We remind all government offices, including local government units, to further ease the people’s burden by exercising proportionality and collecting less of their data to facilitate such assistance. Collect only necessary personal details, […]
READ MORE
Statement by Privacy Commissioner Raymund Enriquez Liboro on “Social Vigilantism” in the time of COVID-19
April 2, 2020
The National Privacy Commission strongly condemns “social vigilantes” who attack or threaten the safety of health workers amid the COVID-19 pandemic in the misguided belief that such acts of discrimination may serve the public good. Social vigilantes are those who take it upon themselves to enforce their views of what they consider appropriate beliefs and […]
READ MORE NPC PHE BULLETIN No. 3: Wastong Pangangalaga sa Personal na Impormasyong Pangsugpo sa COVID-19 Pandemic
March 26, 2020
Click image for better viewing.
READ MORE
NPC PHE BULLETIN No. 4: Protecting personal data in the time of COVID-19
March 23, 2020
A growing number of online fraudsters are exploiting the public fear surrounding the COVID-19, using the pandemic to lure people into clicking phishing emails and installing malwares capable of stealing personal data and money. Our fear during a crisis can expose us to data privacy risks, predisposing us to make hasty or ill-informed choices online, […]
READ MORE
NPC PHE BULLETIN No. 3: Collect what is necessary. Disclose only to the proper authority.
March 19, 2020
Data protection in times of Emergency The National Privacy Commission recognizes the extraordinary challenges our nation is facing due to this unfamiliar global pandemic. We all share the same concern and the urgent need to contain the spread of the virus. To win this battle against COVID- 19, trusted and verified information is vital. Thus, […]
READ MORE
Statement by Privacy Commissioner Raymund Enriquez Liboro on the Declaration of Public Health Emergency in Relation to COVID-19
March 10, 2020
Data Privacy Vis-à-vis Public Health Following the President’s declaration of a public health emergency (PHE) concerning COVID-19, it is imperative upon the government to strike a balance between individual data privacy vis-à-vis public health interests, including the public’s right to know. We wish to emphasize that the Data Privacy Act does not prevent the government […]
READ MORE
NPC resets registration renewal in July
March 6, 2020
The National Privacy Commission (NPC) is extending until 31 August 2020 the validity of the registration of Personal Information Controllers (PICs) and Personal Information Processors (PIPs) to make way for a new automated system to be launched in July. The PICs and PIPs covered by the extension are those that previously completed at least Phase-I […]
READ MORE
Managing Mobile App Permissions
February 14, 2020
Android Application This refers to a software application running on the Android platform. It is designed for a smartphone or a tablet PC running on an Android OS. Mobile App Permission Govern what the application can do and access, ranging from access to data stored in a mobile phone (e.g. contacts, media files, camera, microphone, […]
READ MORE
NPC Suspends GRAB PH’S Selfie Verification, Audio, Video Recording Systems
February 5, 2020
The National Privacy Commission (NPC) has issued a Cease and Desist Order (CDO) to Grab Philippines, Inc. (Grab PH) after finding deficiencies in complying with the Data Privacy Act of 2012 (DPA) for three personal data processing systems, which may endanger the privacy rights of the riding public. In a Notice of Deficiencies issued to […]
READ MORE
Statement of Privacy Commissioner Raymund Enriquez Liboro On the release of passenger manifest of airlines to government agencies particularly the DOH, in relation to the 2019 nCov response
February 4, 2020
While data privacy is a right, it is not an absolute right. The same should always be harmonized vis-à-vis the requirements of public order and safety, and to protect the life and health of the data subject or another person. (Data Privacy Act of 2012, Sec 12. D and E) If a government agency pursuant […]
READ MORE
NPC Marks Data Protection Day 2020
January 29, 2020
Depicting a growing awareness among ordinary Filipinos on the importance of ensuring the privacy of their data, data subjects began sharing their thoughts on the matter in a social media post by the National Privacy Commission (NPC) marking the 14th annual celebration of Data Protection Day. In a series of Facebook posts themed, “Ano ang […]
READ MORE
NPC calls Grab over passenger verification system and in-car audio, video recording pilot test
January 14, 2020
The National Privacy Commission (NPC) has called Grab Philippines to address the privacy concerns relating to the launch of their new passenger verification system and in-car audio and video recording pilot test. “We understand that Grab designed their new systems as additional security to both drivers and passengers. But to avoid serious breaches of privacy, […]
READ MORE
Privacy commission gives 12 digital safety tips for Christmas
December 20, 2019
PRESS RELEASE 19 December 2019 Privacy commission gives 12 digital safety tips for Christmas The National Privacy Commission (NPC) is reminding shoppers and travelers to be extra vigilant against cybercriminals this Christmas season. During the Data Privacy Stakeholders’ Assembly on Thursday, held at the Philippine International Convention Center, Privacy Commissioner Raymund Enriquez Liboro said it’s […]
READ MORE
52nd APPA FORUM OPENS IN CEBU
December 2, 2019
The 52nd Asia Pacific Privacy Authorities (APPA) Forum officially opened in Cebu today, with privacy commissioners from 14 jurisdictions across the region convening in closed sessions, to deliberate on emerging technology trends and threats that impact privacy, share best practices, explore new policy directions, and build institutional partnerships. In his opening remarks, Philippine Privacy Commissioner […]
READ MORE
Following NPC stop processing order on 26 online lenders, drop in complaints seen
December 1, 2019
Privacy-related online lending complaints have drastically declined a month following recent enforcement actions by the National Privacy Commission (NPC) on dubious online lending applications. The issue is among the topics for discussion at the 52nd Asia Pacific Privacy Authorities (APPA) Forum in Cebu City, where privacy commissioners from all over the Asia Pacific region and […]
READ MORE
PH to host 52nd APPA Forum in Cebu
November 22, 2019
The Philippines is set to host the 52nd Asia Pacific Privacy Authorities (APPA) Forum in Cebu with the National Privacy Commission (NPC) taking the lead. Privacy commissioners from the region and guest ASEAN representatives are expected to converge for the main event at the Shangri-La’s Mactan Resort and Spa on 2-3 December 2019. During the […]
READ MORE
NPC sets up DPO COMPLex workshop for GOV’T
November 12, 2019
The National Privacy Commission (NPC) is set to conduct the DPO COMPLex experiential compliance workshop for government Data Protection Officers (DPOs) on November 13 – 14 at the Luxent Hotel in Quezon City. This following a marked improvement in this year’s DPO registration figures for the sector. State Universities and Colleges (SUCs) saw the biggest […]
READ MORE
NPC issues guidelines to prevent data compromise this Undas 2019
October 31, 2019
The National Privacy Commission (NPC) advises Filipinos observing All Saints’ Day and All Souls’ Day to take preventive security measures to avoid compromising data on their device and data systems. For travelers, something as simple as avoiding the use of a public charging station will help keep their device and personal data safe. In the […]
READ MORE
Order: Violations of the Data Privacy Act by Several Companies Operating Online Lending Applications
October 23, 2019
Order to Stop Personal Data Processing in re: Violations of the Data Privacy Act by Several Companies Operating Online Lending Applications As published in The Philippine Star, The Daily Tribune and Philippine Daily Inquirer on 21 October 2019.
READ MORE NPC shuts down 26 online lending companies
October 21, 2019
The National Privacy Commission has imposed a ban on the processing of personal data against operators of 26 online lending applications, as part of the agency’s continuing crackdown on online lenders that resort to public shaming of borrowers. In an Order dated 18 October 2019 published today, the NPC said the companies behind the 26 […]
READ MORE Violations of the Data Privacy Act of Several Companies Operating Online Lending Applications
October 8, 2019
Order for Summary Hearing on 15 October 2019 re Violations of the Data Privacy of Several Companies Operating Online Lending Applications As published in The Philippine Star, The Daily Tribune and Philippine Daily Inquirer on 04 October 2019
READ MORE NPC Summons 67 more online lenders
October 4, 2019
The National Privacy Commission (NPC) today issued summons by publication aimed at 67 unlisted operators of online lending applications, who were subject of data privacy complaints but whose identities and business addresses elude detection. In an Order for Summary Hearing published in three newspapers of general circulation, the NPC is ordering the board of directors […]
READ MORE
PH joins APEC privacy system
September 20, 2019
The Philippines has formally joined the Cross-Border Privacy Rules (CBPR) System, a move seen to expand its trading opportunities within the Asia Pacific region by eliminating data-flow barriers when transacting with member economies of the Asia Pacific Economic Cooperation (APEC) through the adaption of common standards for data privacy. The National Privacy Commission (NPC) recently […]
READ MORE
Press Statement of Privacy Commissioner Raymund Enriquez Liboro on the industry-wide Code of Ethics and Code of Conduct by FinTech Alliance
September 16, 2019
The National Privacy Commission is steadfast in protecting Filipino citizens in this rapidly-developing field of financial technology. We are very much committed to our primary goal: “to ensure balance of free flow of information while protecting the privacy of all data subjects”. Our Commission recognizes that one important component of successful digital governance is making […]
READ MORE
PH, Singapore sign MoU on Personal Data Protection
September 10, 2019
MANILA, Philippines — The Philippines and Singapore agreed to share best practices in personal data protection and develop compatible mechanisms to facilitate trusted cross border data flows including mutual recognition of comparable protection afforded by their respective laws to safeguard both Philippines and Singapore citizens. Philippine President Rodrigo R. Duterte and Singapore President Halimah Yacob […]
READ MORE
Press Statement of Privacy Commissioner Raymund E. Liboro RE: Fact-finding reports on 3 major online lenders
September 6, 2019
The National Privacy Commission received this year multiple complaints against online lending companies. We received a total of 921 complaints reporting essentially the same facts: Use of contact list or phone directory without consent or authority; Disclosure of unwarranted or false information to other persons; Use of personal information for harassment and threatening communications; and […]
READ MORE
Online lending execs face jail terms for data privacy violations
September 6, 2019
The National Privacy Commission (NPC) has concluded its investigation on three major online lending companies in the country for alleged public shaming of borrowers and has found that their operators may be liable for imprisonment of up to 7 years and fines of not more than P5 Million under the Data Privacy Act of 2012 […]
READ MORE NOTICE TO THE PUBLIC: Beware of fakers pretending to represent the NPC
September 4, 2019
This is to warn the public about scammers pretending to be employees of the National Privacy Commission (NPC). The NPC has received several reports that the administrator/s of a Facebook page named “Anti-Loan Shark Philippines” are claiming to be employed or connected with us. Worse, they pretend to be authorized to collect fees for individuals […]
READ MORE
PH leads ASEAN’s move to protect privacy
August 22, 2019
The Association of Southeast Asian Nations (ASEAN) took a major step in harmonizing regional data protection, privacy regulations and initiatives by launching the first ASEAN Data Protection and Privacy Forum in Bangkok, Thailand with the Philippines at the helm. The Philippines was represented by Privacy Commissioner Raymund Enriquez Liboro, who chaired the Forum’s inaugural meeting. […]
READ MORE
NPC forms coalition to protect “digital Filipino”
May 23, 2019
Coming on the heels of a surge in citizen complaints of alleged privacy harassments from online lenders, more than 2,000 Data Protection Officers (DPO) from major government offices and leading businesses today joined the National Privacy Commission’s (NPC) call to form a united front to strengthen the protection of peoples’ personal data. “Our common goal […]
READ MORE
NPC conducts hearings on 48 online lending apps after over 400 harassment complaints
May 21, 2019
Over 400 complaints of alleged harassment and shaming by various mobile online lending operators have swamped the National Privacy Commission (NPC) recently, with borrowers crying foul over perceived reputational harm and abuse of their data privacy rights. Speaking to reporters, Privacy Commissioner Raymund Enriquez Liboro said the agency is presently handling a total of 485 […]
READ MORE
Press Statement of Privacy Commissioner Raymund Enriquez Liboro
RE: PERSONAL DATA PROCESSING BY ELECTION CANDIDATES
May 10, 2019
1. It has come to our attention that some individuals posted on social media about receiving from candidate/s a “precinct locator” or “voter’s information” card, printed with their personal data – name, complete residential address, date of birth, among others. 2. Concerns were raised over the possibility that these candidates may be processing voter personal […]
READ MORE
NPC launches Privacy Awareness Week 2019 official website
May 6, 2019
The National Privacy Commission (NPC) is enjoining personal information controllers and processors in the private and public sectors to celebrate the National Privacy Week 2019 (PAW) on May 25 to 31, with the launch on Friday of its official event website: paw.privacy.gov.ph. Pursuant to President Rodrigo Roa Duterte’s Proclamation No. 527 signed last year, the […]
READ MORE
PH, Singapore co-lead the ASEAN Data Protection and Privacy Forum
May 1, 2019
The National Privacy Commission (NPC) is closely working with Singapore’s Personal Data Protection Commission (PDPC) in developing the ASEAN Framework on Digital Data Governance. In the 2nd Working Group Meeting on ASEAN Digital Data Governance Framework recently at the Diamond Hotel in Makati, Privacy Commissioner Raymund Enriquez Liboro formally accepted Singapore’s invitation for the Philippines […]
READ MORE Press Statement of Privacy Commissioner Raymund Enriquez Liboro
RE: BREACH NOTIFICATION BY CEBU AIR, INC.
April 25, 2019
1. At 11:37 AM today, Cebu Air, Inc. emailed a preliminary notification to the National Privacy Commission informing us of an “unauthorized breach” of its website’s database (www.getgo.com.ph), as prescribed by NPC protocols. 2. In the notification, the company’s Data Protection Officer (DPO) Randall Evangelista, said the “extent and nature” of the breach is still […]
READ MORE
NPC cautions offices on personal data protection issues during Holy Week 2019
April 17, 2019
The National Privacy Commission (NPC) is reminding public and private offices to be extra vigilant against hackers and data thieves this Lenten break. Privacy Commissioner Raymund Enriquez Liboro said Personal Information Controllers (PICs), Personal Information Processors (PIPs), and Data Protection Officers should ensure personal information under their organization’s care are safeguarded from potential cybersecurity attacks, […]
READ MORE
Statement of Privacy Commissioner Raymund Enriquez Liboro on the recent April Fool’s hacking incidents
April 4, 2019
1. Beginning 1 April 2019 until yesterday, the National Privacy Commission has gathered reports and claims of alleged hacking incidents of certain websites that may have involved personal data. 2. The incidents include hacking of individual user accounts on Facebook, Twitter, Yahoo, and Wattpad, among others. There were also some websites operated by some private […]
READ MORE
Statement of Privacy Commissioner Raymund Enriquez Liboro on Facebook’s Use of Plain Text in Stored Passwords
March 22, 2019
1. Today Facebook announced that millions of users’ passwords were discovered in January to be stored in a readable format within their internal data storage systems. This first came about after a revelation by a security expert, who claims that this practice has been going on since 2012 and that the passwords could be accessed […]
READ MORE
NPC postpones submission of 2018 Annual Security Incident Report
March 21, 2019
The National Privacy Commission (NPC) has postponed indefinitely the submission of the Annual Security Incident Report (ASIR) covering the calendar year 2018. The Commission is currently revising some of its key processes with a view to enhancing reportorial efficiency and harmonizing documents submissions with the Department of Information and Communications Technology. The revisions aim to […]
READ MORE
Statement of Privacy Commissioner Raymund Enriquez Liboro on the Mobile Number Portability Act recently signed by President Rodrigo Roa Duterte
February 20, 2019
1. We laud President Rodrigo Roa Duterte for signing the Mobile Number Portability Act. The law provides mobile postpaid or prepaid subscribers with the mechanism to retain an existing mobile number despite having moved from one mobile service provider to another. This gives data subjects control over their data which is a basic tenet under […]
READ MORE Official Statement of Privacy Commissioner Raymund E. Liboro
January 30, 2019
Re: BREACH NOTIFICATION BY GLOBE TELECOM INC. On Sunday, Jan 27, 2019, Globe Telecom, through its Data Protection Officer, formally notified the NPC of a personal data breach. Based on their report, the personal data breach occurred due to a system error, potentially affecting 8851 customers. Our team is still evaluating the incident and verifying […]
READ MORE Privacy Commission extends validity of registration until 2020
January 22, 2019
Personal Information Controllers (PICs) and Personal Information Processors (PIPs) that completed at least Phase-I of their registration with the National Privacy Commission (NPC) by 2018 are not required to renew their registration this year. The validity of their registration is extended until 8 March 2020. They are also entitled to an official digital certificate of […]
READ MORE
Official Statement of Privacy Commissioner Raymund Enriquez Liboro on the Cebuana Lhuiller Breach
January 19, 2019
1. On Friday, 18 January 2019, representatives from Cebuana Lhuiller went to the National Privacy Commission to seek assistance regarding a data breach involving their email server. At the meeting, they committed to submit a more detailed report regarding the data breach. Cebuana Lhuiller informed us that it has engaged the services of a third […]
READ MORE
NPC opens passport data probe
January 16, 2019
The National Privacy Commission (NPC) has granted the Department of Foreign Affairs (DFA) 5 more days before formally facing its preliminary fact-finding inquiry on the passport data issue. In a meeting this morning, the NPC’s Legal and Enforcement Office asked DFA representatives headed by Director Anthony A.L. Mandap to give preliminary details surrounding the issue. […]
READ MORE Press Statement of Privacy Commissioner Raymund E. Liboro on DFA’s Claim Regarding Philippine Passport Data
January 12, 2019
The National Privacy Commission shall conduct its own investigation on the Department of Foreign Affairs assertion that a private contractor has caused the non-availability of Filipino passport data and other documents entrusted to it for processing. Any form of non-availability of personal data, infringement of the rights of data subjects, and harms from processing that […]
READ MORE
NPC launches DPO ACE Program, sets benchmark for data privacy training in PH
December 12, 2018
The National Privacy Commission (NPC) today unveiled its DPO Accountability, Compliance, and Ethics (ACE) Program, aimed at establishing a skills benchmark for local privacy professionals, amid the spike in demand for high-quality data privacy trainings in the country. Around 50 practicing Data Protection Officers (DPOs) from leading government offices and top corporations attended the pilot […]
READ MORE PH telcos, 3rd player told: compete on data privacy and protection to win customer trust
December 6, 2018
The National Privacy Commission (NPC) is urging local telecommunications operators Globe, Smart, and the incoming third player, Mislatel consortium to compete for consumer trust in terms of better services and better data privacy protection. “This is what’s good about competition, it’s the customers who decide who to trust. So, why not let the telcos compete […]
READ MORE
NPC calls for data privacy compliance in the travel & tourism sector at DPO20
November 21, 2018
Travel and tourism services in the country are seeing a steady, vibrant growth in demand, owing to the strong business climate and increasing domestic spending. Thus, there is a need for industry players to safeguard their customers’ trust by ensuring that personal information remains secure against data theft. At the 20th Data Protection Officers Assembly […]
READ MORE NPC lauded for PH’s global leadership spot in ICDPPC
October 28, 2018
International and local governing bodies have commended the National Privacy Commission (NPC) for earning a global leadership role for the Philippines in international discussions on data privacy. Privacy Commissioner Raymund Enriquez Liboro represented the country in the International Conference of Data Protection and Privacy Commissioners (ICDPPC) held in Brussels, Belgium on Oct. 23. Following closed […]
READ MORE
PH WINS SEAT IN INT’L. PRIVACY BODY
October 25, 2018
Brussels- Belgium, Despite being a newcomer to data privacy regulation, the Philippines has earned a voting seat in the 5-member executive committee of the International Conference of Data Protection and Privacy Commissioners (ICDPPC), a worldwide conference of 119 independent regulators from all over the world, coming together to explore high-level proposals on data privacy and […]
READ MORE
PH joins 40th Int’l. Privacy Commissioners’ Conference
October 22, 2018
BRUSSELS, BELGIUM — The National Privacy Commission (NPC) is representing the Philippines in the 40th International Conference of Data Protection and Privacy Commissioners (ICDPPC), a premier global forum connecting the efforts of about 119 privacy and data protection authorities from over 70 countries across the globe. The NPC’s chairman and Philippine Privacy Commissioner Raymund Enriquez […]
READ MORE UPDATED: PRESS STATEMENT OF PRIVACY COMMISSIONER RAYMUND ENRIQUEZ LIBORO ON FACEBOOK’S LATEST BREACH
September 29, 2018
1. At around 12:49 AM of September 28, we received informal notice from Facebook representatives that they had found a vulnerability in their app that was exploited by malicious attackers. 2. Facebook claims that the vulnerability affected around fifty million users, exposing personal data stored in their Facebook profiles. 3. The vulnerability was attributed to […]
READ MORE
Gov’t. taps “hack bayani” community to help secure PhilSys, data-driven public projects
September 28, 2018
1. Privacy Commissioner Raymund Enriquez Liboro is tapping the assistance of white hat hackers in the country to help secure Philippine cyberspace and help create robust public ICT systems in the country beginning with the soon-to-be implemented national identification card. 2. “We can do a lot more to help protect the data that will come […]
READ MORE
NPC eyes fully digital PH by 2040
September 19, 2018
1. The National Privacy Commission (NPC) said the country’s bid to be a fully-digital, high-trust society in 20 years is feasible as the government’s ICT and data privacy initiatives remain on on-track. 2. “Ambisyon 2040 provides the beacon towards a high trust society, where every Filipino is secure in their physical and digital lives and […]
READ MORE
Updated: Press Statement of Privacy Commissioner Raymund Enriquez Liboro on the Data Breach Incident of ABS-CBN’s online Stores
September 19, 2018
RELEASE 01 – September 19, 2018 1. News of a possible data breach of ABS-CBN’s online stores has reached the National Privacy Commission this morning, where customers reportedly face the possibility of theft of their financial data due to a payment skimmer which has been discovered by a Dutch security researcher. 2. At 12:37 PM, […]
READ MORE Press Statement of Privacy Commissioner Raymund Enriquez Liboro on the President’s Signing of the National ID Law
August 7, 2018
1. President Rodrigo Roa Duterte has signed the National ID law on the 6th of August 2018, creating the Philippine Identification System to improve the delivery of government and other services to the public, especially those who lack government-issued identification cards. 2. The National Privacy Commission supports the proper implementation of this law in accordance […]
READ MORE 5 gov’t. agencies to jointly handle telco consumer complaints
July 6, 2018
The government will launch an all-out, synchronized effort to promptly deal with consumer complaints on telco services such as those involving data privacy violations, text-scams, vanishing load, unauthorized charges, defective product, and denial of subscription plan activation, among others, Privacy Commissioner Raymund Enriquez Liboro said on Friday. Liboro said the National Privacy Commission (NPC) is […]
READ MORE
Celebrate Filipino Data Privacy Rights on Privacy Awareness Week 2018 –NPC
May 10, 2018
In the wake of the recent spate of media reports linked to data breaches and other privacy-related concerns, the National Privacy Commission (NPC) is urging business, government and civil society organizations to participate in the upcoming Privacy Awareness Week (PAW) on May 28 to 31 and publicly commit to the safeguarding of people’s personal data. […]
READ MORE NPC investigates multiple government website breach
April 24, 2018
1. The National Privacy Commission (NPC) yesterday summoned the management and other responsible officials of seven schools, institutions, and local government units as it investigates data breaches they sustained following an organized attack on government and commercial organizations last April 1, 2018. 2. The privacy body earlier sent notice to top officials of Taguig City […]
READ MORE NPC opens probe on Facebook
April 13, 2018
The National Privacy Commission (NPC) is opening an investigation on Facebook following Mark Zuckerberg’s admission of the company’s faults in the Cambridge Analytica data scandal that affected Filipino Facebook users. In a formal letter addressed to Zuckerberg, the NPC is requiring Facebook to submit a number of documents relevant to the case, to establish the […]
READ MORE Joint Press Statement from Privacy Commissioner Raymund Enriquez Liboro and LTFRB Board Member Atty. Aileen Lourdes Lizada
April 6, 2018
1. In the common pursuit of protecting the rights and interests of drivers and the commuting public, the National Privacy Commission (NPC) and the Land Transportation Franchising and Regulatory Board (LTFRB) are jointly looking into the transaction details of the announced Grab-Uber acquisition. Since this acquisition potentially involves personal data, the NPC is keen on […]
READ MORE Press Statement from Privacy Commissioner Raymund Enriquez Liboro on the Facebook Controversy involving Cambridge Analytica
April 6, 2018
1. The National Privacy Commission (NPC) has been in touch with Facebook since information on the controversy involving Cambridge Analytica rose to prominence following whistleblower allegations in March 2018. 2. On March 27, the NPC met with Facebook representatives to look into the matter and ascertain if and to what extent, Filipino users were affected. […]
READ MORE Statement of Privacy Commissioner Raymund Enriquez Liboro On the Uber and Grab Merger
March 27, 2018
Yesterday, both Uber and Grab issued public statements announcing the sale of Uber’s TNV and food delivery business in Southeast Asia to Grab. From these statements, we understand that the Uber service will no longer be available in Southeast Asia including the Philippines, from 8 April 2018. In the interim, Grab is to take Uber’s […]
READ MORE NPC extends data processing systems registration for covered professionals
March 8, 2018
The National Privacy Commission (NPC) is extending up to July 2 the registration period for the data processing systems (DPS) of individual Personal Information Controllers (PICs) and individual Personal Information Processors (PIPs), specifically for covered professionals. These include medical doctors, lawyers, accountants and dentists, among others, who process personal data and satisfy the criteria for […]
READ MORE NPC extends deadline of 2017 annual incident report to June 30
March 6, 2018
Organizations and professionals processing personal data in the country now have until June 30 to submit their first annual security incident report to the National Privacy Commission (NPC) after the agency adjusted the deadline, which was initially set on March 31. The annual security incident report is among the yearly compliance obligations of Personal Information […]
READ MORE Privacy Commission cautions DOH on sharing of Dengvaxia master list
March 6, 2018
PRESS RELEASE The National Privacy Commission (NPC) has advised the Department of Health (DOH) to be circumspect in sharing sensitive personal information of individuals, saying it should only do so if it deems that such sharing or disclosure is authorized under law, adheres to data privacy principles, and there are reasonable and appropriate security measures […]
READ MORE NPC makes telco take measures against SIM-swap fraud; public warned on identity theft
January 23, 2018
The National Privacy Commission (NPC) has caused Globe Telecom, Inc. to enforce more stringent subscriber verification protocols to better protect its customers following reports that one of its prepaid mobile customers fell victim to identity theft, made possible through the perpetrator that resulted in the unauthorized access to the customer’s online banking account. In a […]
READ MORE NPC sets March deadline for submission of 2017 Annual Security Incident Report of personal information controllers
January 4, 2018
PRESS RELEASE 1. Personal Information Controllers (PICs) in the country may begin submitting their 2017 Annual Security Incident Report to the National Privacy Commission (NPC), from January 3 to March 31, 2018. 2. The law requires all PICs to submit an Annual Security Incident Report, even if the PIC concerned does not need to register […]
READ MORE
NPC launches PH-wide data protection drive for LGUs in Region 11
December 18, 2017
DAVAO CITY, Philippines – The National Privacy Commission (NPC) recently launched its nationwide campaign here on how local government units (LGUs) can start their journey to compliance and reap the benefits of the Data Privacy Act of 2012. Speaking to Davao Region LGU chief executives and representatives on Monday last week at DPO11: The LGU […]
READ MORE Latest Statement of Privacy Commissioner Raymund Enriquez Liboro on the Uber Personal Data Breach
December 15, 2017
Today, Uber made public additional information earlier made available to us on their 2016 data breach. We were informed that around 171,000 Filipino citizens consisting of drivers and passengers were affected by the breach. We understand this to be based on the mobile phone numbers included in the registry. We were also informed that the […]
READ MORE PH Strengthens Extraterritorial Reach through the APEC Cross Border Privacy Enforcement Arrangement
December 5, 2017
1. The Philippines has joined the APEC Cross Border Privacy Enforcement Arrangement (CPEA), the government backstop enforcement network developed for the Cross-Border Privacy Rules (CBPR). It is an initiative that facilitates information sharing among privacy enforcement authorities in APEC economies, provide mechanisms to promote effective cross-border privacy cooperation, and encourage information sharing and cooperation with […]
READ MORE Statement of Privacy Commissioner Raymund Enriquez Liboro on the Uber Personal Data Breach
November 28, 2017
Press Statement 28/11/2017 1. Yesterday, Uber wrote to us in compliance with their commitment to provide more detailed information about their data breach of October 2016. 2. In that letter, Uber confirmed to us that personal information of Filipinos were exposed in the data breach. As such, the National Privacy Commission has jurisdiction over the […]
READ MORE Statement of Privacy Commissioner Raymund Enriquez Liboro on NPC’s November 23 meeting with Uber PH
November 24, 2017
Press Statement 24/11/2017 1. The National Privacy Commission summoned Uber to a meeting on Thursday, November 23, 5:30 PM to discuss the self-reported breach that was admitted by the CEO of the transport network vehicle service company. 2. Uber came to the meeting represented by its Data Protection Officer, Atty. Yves Gonzalez, accompanied by external […]
READ MORE Statement of Privacy Commissioner Raymund Enriquez Liboro on the personal data breach sustained by Uber in 2016
November 22, 2017
Late last night, Uber Chief Executive Officer Dave Khosrowshahi issued a statement to the public announcing that personal data of around 50 million Uber users and 7 million Uber drivers were compromised in a security incident dating back to October 2016, and that Uber concealed the fact of this security incident. The National Privacy Commission […]
READ MORE Statement of the Privacy Commissioner Raymund Enriquez Liboro on the possible personal data breach sustained by COL Financial Group, Inc.
October 23, 2017
The National Privacy Commission has received a notification at 3:30 in the afternoon of October 20, 2017, Friday, from COL Financial Group, Inc. of a potential data breach to its system. We note that this notification has adhered to standard breach reporting protocols set forth in NPC Circular 16-03, on Personal Data Breach Management. In […]
READ MORE NPC Statement on SALN and Data Privacy
September 28, 2017
Privacy Commissioner and Chairman Raymund Enriquez Liboro is issuing the following statement related to the Data Privacy and SALN redaction issue: The Data Privacy Act (DPA) is not designed to prevent access to personal information under any circumstances. Rather, it promotes responsible and lawful use of personal information. Section 11 of the DPA states: “The […]
READ MORE
Ahead of PHIE, Private Hospitals Complying with Data Privacy Act
September 20, 2017
With the upcoming implementation of the Philippine Health Information Exchange (PHIE), private hospitals have committed to comply with the Data Privacy Act (DPA) of 2012 and are implementing data protection measures in their data processing systems to protect sensitive personal information of their patients. This was revealed at the first general assembly of Data Protection […]
READ MORE
NPC: Late Registrants, May Face Privacy Compliance Checks
September 14, 2017
Public and private companies that failed to beat the September 9 deadline for the registration of their data processing systems starting with the registraton of their Data Protection Officer (DPO) could face compliance checks, the National Privacy Commission (NPC) warned. Since September 9 fell on a Saturday, a non-working day, the deadline automatically moves […]
READ MORE
NPC Survey: Filipinos Value Data Privacy
August 30, 2017
Speakers, organizers and participants of a Data Protection Officers’ General Assembly for Media and Social Media professionals pose for a group photo. The event called DPO6 is the 6th of a series of industry specific seminars and workshops organized by the National Privacy Commission (NPC) aimed at improving compliance with the Philippines’ data protection and […]
READ MORE DPO Forum Issue #01
August 14, 2017
We’re opening the very first Philippine Privacy Awareness Week today with the launch of our Data Privacy Newsletter, featuring updates from the NPC, recaps on events and issues for the past few months, and an interview with a DPO. Get the downloadablehere
READ MORE
DPO3: Telco DPOs show commitment to data privacy compliance in NPC assembly
August 11, 2017
The country’s leading telecommunications firms on Tuesday demonstrated their commitment to upholding data subject rights in the first gathering of Data Protection Officers (DPOs) for the sector conducted by the National Privacy Commission (NPC) at the GT-Toyota Asian Center, Katipunan Avenue, Diliman, Quezon City. Dubbed DPO3: The Data Protection Officers’ Assembly for the Telecommunications Sector, […]
READ MORE
Data privacy compliance a competitive edge for PH companies
July 31, 2017
In this information age, compliance with data privacy and data protection regulations is considered by organizations as a competitive advantage in their business operations. This was confirmed by contact center managers and data protection experts at the recent Data Privacy Asia conference organized by the Contact Center Association of the Philippines. (CCAP). Contact center clients […]
READ MORE NPC conducts privacy compliance check on BPI
June 16, 2017
The National Privacy Commission (NPC) is conducting a privacy compliance check on the Bank of Philippine Islands (BPI) after the recent incident that caused the bank’s electronic channels to be temporarily suspended, inconveniencing many of its clients. The compliance check will evaluate the existing governance, organizational, physical and technical measures in place and seek to […]
READ MORE NPC pushes data privacy compliance in banking sector in upcoming DPO2
May 26, 2017
The National Privacy Commission (NPC) is set to convene the Data Protection Officers (DPOs) of the financial services sector on 31 May 2017. Dubbed as “DPO2: The 2nd Data Protection Officers’ Assembly,” the event will be held in cooperation with the Bangko Sentral ng Pilipinas (BSP) and the Bankers Association of the Philippines (BAP). It […]
READ MORE
Threats to Security and Privacy
May 16, 2017
KNOW YOUR ENEMY — This timeless piece of advice is especially relevant today as data privacy threats, both online and offline, have become as rampant as ever. Undetected attacks on our privacy may suddenly be leveraged to wreak havoc at any moment. While defenses and legislation struggle to catch up with fast-paced technological advancements, understanding […]
READ MORE Holy Week 2017 Advisory for all Data Protection Officers in Government (DPO1)
April 11, 2017
The National Privacy Commission would like to remind all Data Protection Officers to ensure the security of personal data in their respective agencies’ care during the long weekend of Holy Week 2017 (13 to 16 April 2017). This is in order to prevent data breaches such as the one that occurred during the same period […]
READ MORE
Privacy Commission rallies support for data protection in government
April 6, 2017
The National Privacy Commission (NPC) has called on Data Protection Officers (DPOs) in the public sector to get proactive in conducting their duty as watchdogs and advocates of the data privacy rights of Filipinos from within their respective organizations. Speaking to government data protection professionals on Wednesday at DPO1: The 1st Data Protection Officers’ Assembly, […]
READ MORE
A year after COMELEC breach: National Privacy Commission to hold first general assembly of Data Protection Officers
March 28, 2017
Photo by Marinel Mamac / PIAD. About a year after the Comeleak data breach, which exposed the personal data of over 55 million Filipino voters, the National Privacy Commission (NPC) is rallying Data Protection Officers (DPOs) from government agencies to adopt a proactive approach in the fight for data protection of citizens in a series […]
READ MORE
NPC starts probe into COMELEC’s 2nd large scale data breach; issues compliance order
February 20, 2017
Photo by Katrice Obrero / PIAD. The National Privacy Commission (NPC) has ordered the Commission on Elections (COMELEC) on Monday to take serious measures to address its data processing vulnerabilities after the computer of the Office of the Election Officer (OEO) in Wao, Lanao Del Sur was stolen last January 11, 2017. The stolen computer […]
READ MORE
Privacy Commission recommends criminal prosecution of Bautista over “Comeleak”
January 5, 2017
The National Privacy Commission (NPC) has found that the Commission on Elections (COMELEC) violated the Data Privacy Act of 2012 and has recommended the criminal prosecution of Chairman J. Andres D. Bautista for the data breach that occurred between 20 and 27 of March last year. In its decision dated December 28, 2016 on NPC […]
READ MORE
PH Privacy Commission gets international accreditation
October 21, 2016
PH National Privacy Commission approved as full member of the International Conference of Data Protection and Privacy Commissioners (ICDPPC) . Out of 12 data privacy authorities from as many countries that applied for membership this year, the Philippines was only one of five approved for full membership, meeting ICDPPC’s stringent standards for data protection and […]
READ MORE Government Open Data to Improve with Data Sharing Directives
October 19, 2016
The free flow of information within the government is expected to improve with the issuance of the latest memorandum circular of the National Privacy Commission’s (NPC). (NPC MC 16-02) on Data Sharing Agreements Involving Government Agencies. This issuance from the NPC reinforces its mandate to support the free flow of information and safeguard the right […]
READ MORE Stricter government handling of personal data ordered in Privacy Commission issuance
October 17, 2016
Personal data in the hands of government offices and all branches of government including state-run schools and colleges are expected to be made more secure with the issuance of the National Privacy Commission’s (NPC) first memorandum circular (#16-001) on the “Security of Personal Data in Government”. According to Commissioner Raymund E. Liboro, the circular is […]
READ MORE Privacy Commission Advisory on Yahoo Breach
September 24, 2016
Photo/Graphic Source: money.cnn.com The National Privacy Commission (NPC) would like to reiterate the recommendations of Yahoo and cybersecurity experts to Yahoo users to change their passwords on their Yahoo accounts. This follows after the compromise of half a billion user accounts from Yahoo’s servers in 2014 that was only discovered and confirmed by Yahoo this […]
READ MORE
Privacy Act IRR released – NPC to educate public about privacy
August 30, 2016
Photo 1: (From Left to Right) Deputy Privacy Commissioner Dondi Mapa, Deputy Privacy Commissioner Ivy Patdu, and Privacy Commissioner and Chairman Raymund E. Liboro listened to inputs from health information and research stakeholders at a public consultation on R.A. 10173’s Implementing Rules and Regulations / Photo courtesy of Ramon Duremdes Jr. The Implementing Rules and […]
READ MORE 27 July 2016 version of the Proposed IRR
July 27, 2016
For the upcoming public consultation in Cebu this July 28, 2016, and those interested in seeing the latest version of the proposed implementing rules and regulations (IRR) of the Data Privacy Act of 2012 (R.A. 10173). you can download the copy through this link: IRR Version 072716.pdf
READ MORE Data Privacy Act. IRR Public Consultation – Cebu, 28 July 2016
July 26, 2016
This might be your last chance for a face to face public consultation on the IRR. This one will happen in Cebu. for those who can’t make it, feel free to send us an email at [email protected] Register for the pubcon here: http://bit.ly/2acM0lc Access the draft IRR here: http://www.gov.ph/2016/06/20/irr-data-privacy-act-2012/ Access the E.O.10173 or the Data […]
READ MORE National Privacy Commission Position on FOI EO
July 26, 2016
The National Privacy Commission lauds the signing of the Executive Order on the Freedom of Information as an important step towards greater transparency and people’s participation in government. The right to information on matters of public concern is a fundamental right provided in the Constitution and the right to privacy must always be balanced with […]
READ MORE Data Privacy Act Cannot Be Used As Shield Against FOI
July 26, 2016
The Data Privacy Act of 2012 cannot be used by government officials as protection against the Freedom of Information Executive Order issued by President Duterte last week, this was said by the Data Privacy Commission” in a position paper in reaction to concerns that the Data Privacy Act will be used by Government Officials to […]
READ MORE Invitation to Comment: Proposed Implementing Rules and Regulations of The Data Privacy Act
July 19, 2016
The Data Privacy Act of 2012 is the law for the protection of individual personal information in information and communications system in both government and private sector. We recognize the need to support the free flow of information for national development, while safeguarding the fundamental right of every individual to privacy. The National Privacy Commission […]
READ MORE