Dear Valued Client,
We wish to inform you that on 14 October 2022, the National Privacy Commission (‘NPC’) issued an announcement regarding the submission of personal data breach notifications (‘PDBN’) and annual security incident reports (‘ASIR’). In essence, the NPC highlighted that all PBDNs and ASIRs shall be submitted through the Data Breach Notification Management System (‘DBNMS’) online platform.
The Breach Notification and Annual Security Incident Report must be submitted through the DBNMS online platform. Submissions through email, personal filing, ordinary mail, licensed courier service, and any other mode of physical submission are invalid.
If you are subject to mandatory registration and have not yet registered your company under the DBNMS platform, we recommend that you do so at the soonest time.
If you have not yet submitted the ASIRs for 2018, 2019, 2020, and 2021, please do so at the soonest time, otherwise you may be subject to regulatory action and possibly under the NPC Guidelines on Administrative Fines.
With respect to the ASIR for 2022, the NPC, via the DBNMS portal, shall accept submissions from 1 January 2023 to 31 March 2023.
Please let us know if you would like us to assist you in determining whether your company is required to register with the NPC and if you need assistance in setting up your DBNMS profile.
About DBNMS
Access at: https://dbnms.privacy.gov.ph
Walkthrough Video: https://youtu.be/GwqHf4eURA8
The Breach Notification Management System, or DBNMS, is a user-friendly interface that facilitates easy tracking and faster submission of Personal Data Breach Notifications (PDBN) and Annual Security Incident Reports (ASIR).
Every Personal Information Controller (PIC) that is subject to mandatory registration with the PC is required to register under the DBNMS. Related companies may be registered under separate accounts. The company or entity is responsible for maintaining and submitting its reporting requirements to the NPC.
Should you have any questions, please do not hesitate to contact us. You may also reach out to our Head of the Data Privacy Practice Group, Atty. Edsel Tupaz, through aeftupaz@gorricetalaw.com.
Thank you.