The Data Privacy Act of 2012 (R.A. No. 10173) defines a “security incident” as an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity and confidentiality of personal data. It includes incidents that would result to personal data breach, if not for safeguards that have been put in place. Included as examples are: website hacking where information pertaining to an individual (name, address, social security number, etc.) is obtained by a hacker and unauthorized access to documents containing sensitive personal information of an employee.
In Memorandum OU-LAPSS No. 31, s. 2019, DepEd Central Office through the Office of the Undersecretary for Legislative Affairs, External Partnerships, and School Sports has requested all DPA Focal Persons from their respective regions/divisions/schools/offices to submit their 2018 Security Incident Report which shall be included in the DepEd 2018 Security Incident Report for submission to the National Privacy Commission (NPC).
To comply with the directive, all public schools in the Division, thru its established School Data Privacy Compliance Team, are required to submit their respective Security Incident Report covering the period from January 1 to December 31, 2018. Attached is the format to be used in the preparation and submission of the report to the Legal Unit of this Division on or before February 04, 2018.
For purposes of accurate reporting, please be reminded that a report should still be submitted even if no incident of data breach occurred in the school for the given period by indicating “0” in the portions referring to the total number of security incidents involving personal information and information impact categories.
For immediate and strict compliance.
