Addressing the requirements of NPC Circular 2023-06 for the Security of Personal Data in the Philippines - Compliance Brief

The National Privacy Commission (NPC) introduces circulars to provide organizations with guidance on complying with the Data Privacy Act of 2012 in the Philippines, its implementing rules and regulations, and other NPC issuances. On April 1, 2024, the NPC issued Circular 2023-06 to strengthen personal data protection in the Philippines by governing the security of personal data in the government and private sector. 

The NPC Circular 2023-06 for the Security of Personal Data in the Government and Private Sector provides updated requirements for the security of personal data processed by a personal information controller (PIC) or a personal information processor (PIP). The Circular also sets provisions on the storage of personal data, ensuring data subjects’ information is stored for the necessary duration and protected through industry standards and best practices. 

Additionally, the Circular outlines stringent provisions for access to personal data, specifying procedures for authorized personnel, acceptable use policies, secure authentication mechanisms, and measures for remote disconnection or deletion of data on mobile devices, among others.