Search for:
Author

Berenice Joanna G. Dela Cruz

Browsing
Berenice Joanna G. Dela Cruz is an associate in Quisumbing Torres. She works with various practice groups in the firm, including Corporate & Commercia/M&A, Dispute Resolution, Intellectual Property, Data and Technology, and Employment. Prior to joining the firm, she was a legal intern in the Office of the Solicitor General where she assisted in research, preparation of pleadings, meetings with clients and court hearings. Berenice graduated cum laude from the University of the Philippines College of Law in 2022, and ranked 5th in her batch. She also received the Dean's Medal for Academic Excellence and commendations for her participation in several international moot court competitions. She was newly admitted to the Philippine bar in 2023.

The Data Privacy Act provides that a personal information controller (PIC) must implement reasonable and appropriate organizational, physical and technical measures intended for the protection of personal information against accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing. The PIC shall also protect personal information against natural dangers and human dangers. For this purpose, the National Privacy Commission (NPC) recently issued NPC Circular No. 2023-06 (“Circular”), which sets out the updated minimum requirements for the security of personal data.

The National Privacy Commission (NPC) recently issued NPC Circular No. 2023-05, which sets out the prerequisites for certification under the Philippine Privacy Mark Certification Program.
The NPC Privacy Mark, obtained through the PPM Certification Program, offers the highest level of assurance on data privacy compliance and secure cross-border data transfers of personal information controllers and personal information processors. It helps data subjects identify organizations they can entrust their personal data with.
The Circular took effect on 15 March 2024.

The National Privacy Commission (NPC) formally announced through its official website that the Annual Security Incident Report for the year 2023 must be filed by 31 March 2024.
Any natural and juridical person in the government or private sector processing personal data in or outside of the Philippines that are subject to the provisions of Republic Act No. 10173 or the Data Privacy Act of 2012 must submit the ASIR containing the following information:
• Summary of the number of security incidents encountered in a particular calendar year and categorized by type, i.e., theft, identity fraud, sabotage/physical damage, malicious code, hacking, misuse of resources, hardware failure, software failure, communication failure, natural disaster, design error, user error, operations error, software maintenance error, third-party service, and other analogous causes
• Summary of the number of personal data breaches encountered in a particular calendar year and classified based on the application of the breach notification obligations, i.e., mandatory and voluntary notification

The National Privacy Commission (NPC) recently issued NPC Circular No. 2023-03 (“Circular”), which sets out guidelines on the issuance of identification cards to data subjects. The Circular applies to all personal information controllers (PICs) that issue ID cards to data subjects, excluding government-issued ID cards. The Circular took effect on 30 November 2023.

Personal Information Controllers and Personal Information Processors that are covered by the registration requirement under NPC Circular No. 2022-04 have until 10 July 2023 to register their respective Data Protection Officers (DPOs) and Data Processing Systems (DPS) with the National Privacy Commission through its online registration portal.