The Data Privacy Act of 2012 (R.A. No. 10 173) defines a “security incident” as an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity and confidentiality of personal data. It includes incidents that would result to personal data breach, if not for
safeguards that have been put in place. One example is website hacking where information pertaining to an individual is obtained by a hacker.
The National Privacy Commission (NPC) has required the submission of 2017 Annual Security Incident Report of Personal Information Controllers (PlC). In line with the submission of said report, all Regional Offices are requested to submit an Annual Data Breach Report Summary of any recorded or collected
security incidents from the Regional Office/Division Offices/Schools from January 1 to December 31, 2017 together with the corresponding actions that the office has undertaken to address such incidents. The report must be submitted on or before June 20, 2018.
To comply with the directive, all public schools in the Division, thru its established School Data Privacy Compliance Team, are required to submit their respective Annual Data Breach Report Summary Page covering the period from January 1 to December 31, 2017. Attached is the format to be used in the
preparation and submission of the report to the Legal Unit of this Division on or before June 18, 2018.
Please be reminded that a report should still be submitted even if no incident of data breach occurred in the school for the given period by indicating “0” in the portions referring to the total number of security incidents involving personal information and information impact categories.

For immediate and strict compliance.

0749 - Memorandum-JUN-11-18-252.pdf


Template_Security Incident Report