As this incident involves the stealing of personal data that caused financial harm, Bank X must notify the victims and the National Privacy Commission (NPC) of the breach. Subsequent to the initial notification to the NPC, Bank X needs to fully investigate the personal data breach. Affected data are personal data, but there is no real risk of serious harm. Annual security incident reports should include both successful and unsuccessful security incidents. By the end of March 2018, Phase II of the registration process and the filing of the first annual security incident report will have been completed.

Source: Manila Times March 06, 2018 17:03 UTC