ALBURO ALBURO AND ASSOCIATES LAW OFFICES


June 1, 2022

EXEMPTION FROM NOTIFICATION REQUIREMENTS IN CASES OF DATA PRIVACY BREACH


  • The personal information controller must notify the National Privacy Commission (Commission) and the data subjects affected whenever there are data privacy breaches.

  • Different factors shall be considered in determining whether the Commission may exempt a personal information controller from notification.

  • In evaluating if notification is unwarranted, the Commission may take into account the compliance by the personal information controller with the law and the existence of good faith in the acquisition of personal data.

The personal information controller must notify the National Privacy Commission (Commission) and the data subjects affected whenever there are data privacy breaches. However, the Commission may exempt a personal information controller from notification where, in its reasonable judgment, such notification would not be in the public interest or in the interests of the affected data subjects.

NPC Circular 160-03, or Personal Data Breach Management, provides that:

The following additional factors shall be considered in determining whether the Commission may exempt a personal information controller from notification:

  1. Security measures that have been implemented and applied to the personal data at the time the personal data breach was reasonably believed to have occurred, including measures that would prevent use of the personal data by any person not authorized to access it;
  2. Subsequent measures that have been taken by the personal information controller or personal information processor to ensure that the risk of harm or negative consequence to the data subjects will not materialize;
  3. Age or legal capacity of affected data subjects: Provided, that in the case of minors or other individuals without legal capacity, notification may be done through their legal representatives.

In evaluating if notification is unwarranted, the Commission may take into account the compliance by the personal information controller with the law and existence of good faith in the acquisition of personal data.


Alburo Alburo and Associates Law Offices specializes in business law and labor law consulting. For inquiries, you may reach us at info@alburolaw.com, or dial us at (02)7745-4391/0917-5772207.
