The National Privacy Commission (NPC) formally announced through its official website that the Annual Security Incident Report for the year 2023 must be filed by 31 March 2024.
Any natural and juridical person in the government or private sector processing personal data in or outside of the Philippines that are subject to the provisions of Republic Act No. 10173 or the Data Privacy Act of 2012 must submit the ASIR containing the following information:
• Summary of the number of security incidents encountered in a particular calendar year and categorized by type, i.e., theft, identity fraud, sabotage/physical damage, malicious code, hacking, misuse of resources, hardware failure, software failure, communication failure, natural disaster, design error, user error, operations error, software maintenance error, third-party service, and other analogous causes
• Summary of the number of personal data breaches encountered in a particular calendar year and classified based on the application of the breach notification obligations, i.e., mandatory and voluntary notification
The Bureau of Internal Revenue recently issued Revenue Regulations No. 16-2023, which sets out the guidelines on the imposition of withholding tax on gross remittances by electronic marketplace operators and digital financial services providers to online sellers/merchants, in connection with goods and services sold or paid through the former’s platform.
The Regulations took effect on 12 January 2024.
Consent is not the only available lawful basis for processing personal information. Personal information controllers and other parties engaged in the processing of personal information may also use legitimate interest as a lawful basis for processing. However, these parties must be aware of the conditions and limitations for processing personal information based on legitimate interest. For this reason, the National Privacy Commission (“NPC”) recently issued NPC Circular No. 2023-07, which provides guidelines on the processing of personal information based on legitimate interest. The Circular takes effect on 14 January 2024.
The National Privacy Commission (NPC) recently issued NPC Circular No. 2023-03 (“Circular”), which sets out guidelines on the issuance of identification cards to data subjects. The Circular applies to all personal information controllers (PICs) that issue ID cards to data subjects, excluding government-issued ID cards. The Circular took effect on 30 November 2023.
On 7 November 2023, the National Privacy Commission issued Advisory No. 2023-01, which sets out guidance on the nature of deceptive design patterns and how their use by personal information controllers and personal information processors when securing consent vitiates the consent of the data subject and consequently renders the data processing to be without lawful basis.
This Advisory supplements the recently issued NPC Circular No. 2023-04, or the comprehensive guidelines on the use of consent as a lawful basis for processing data, which, among others, prohibits the use of deceptive design patterns.
The National Privacy Commission recently issued Circular No. 2023-04, which provides guidelines on the use of consent as a lawful basis for processing personal data, including default formats for privacy notices and rules on withdrawal of consent.
On 22 September 2023, the Office of the Court Administrator (OCA) issued OCA Circular 335-2023, providing instructions for trial courts in instances where the prosecution seeks dismissal of criminal cases, based on the new evidentiary standard — “lack of prima facie evidence or reasonable certainty to sustain a conviction” — adopted by the Department of Justice earlier this year.
Personal Information Controllers and Personal Information Processors that are covered by the registration requirement under NPC Circular No. 2022-04 have until 10 July 2023 to register their respective Data Protection Officers (DPOs) and Data Processing Systems (DPS) with the National Privacy Commission through its online registration portal.
Baker McKenzie is proud to launch a series of webinars aimed at helping employers understand current employment trends and issues in the South East Asia region. Some of the topics discussed are Alternatives to the Traditional Employment Model, and complexities of Workforce Optimization.
The National Economic Development Authority has issued the implementing rules and regulations of the amended Public Service Act or Republic Act No. 11659, which took effect on 4 April 2023.