NPC sets new requirements for PH privacy certification


MANILA: The National Privacy Commission (NPC) has issued a circular setting the requirements for the Philippine Privacy Mark Certification Program (PPMCP) to boost personal data protection in the country.

In a statement on Monday, the NPC said Circular 2023-05 outlines the prerequisites for organizations and certification bodies participating in the PPMCP -an initiative that aims to assess public and private organizations to ensure the secure and protected processing of personal information.

Under the circular, personal information controllers (PIC) or personal information processors (PIP) seeking PPMCP certification must be certified with ISO/IEC 27001 and ISO/IEC 27701 standards for information security management systems (ISMS) and privacy information management system (PIMS), respectively.

‘Certification bodies must also meet these standards, along with ISO/IEC 17021-1 for accreditation,’ it said.

The policy took effect on March 15, it added.

Meanwhile, the NPC also announced the issuance of Circular
2023-06 or the ‘Security of Personal Data in the Government and Private Sector’ which updated the requirements for the security of personal data processed by a PIC or PIP.

It also sets provisions on the storage and access of personal data and requires PICs or PIPs to implement a business continuity plan to mitigate potentially disruptive events.

This provision took effect on March 30 and repeals NPC Circular No. 16-01, the privacy body said.

Source: Philippines News Agency