National Privacy Commission (NPC): What You Need to Know

When it comes to your data privacy and security, it’s important to know your rights and responsibilities as both a consumer and a business owner. This is where the National Privacy Commission comes in. The NPC is the government agency responsible for protecting the privacy rights of Filipinos, and it’s important that you know what it does and how it can help you.

Also Read: Data Protection and Privacy Act in the Philippines

In this article, we’ll share some important facts about the NPC. We’ll also explain how it works, what kinds of issues it deals with, and where to go for more information. Keep on reading.

NPC: What You Need to Know About the National Privacy Commission

What is the meaning of NPC?

The NPC which stands for the National Privacy Commission is the country’s privacy watchdog; an independent body mandated to administer and implement the Data Privacy Act of 2012, and to monitor and ensure compliance of our laws with international standards set for data protection. The main objective of NPC is to promote the right of individuals to privacy, and prevent the violation of such rights through effective administration and enforcement of the Data Privacy Act.

This government agency is tasked with protecting the personal information of individuals and safeguarding them from any form of abuse. The NPC aims to ensure that data collected by companies is used for legitimate purposes only and the security of such information is ensured.

History of NPC

The Philippines’ Data Privacy Act of 2012 is the country’s first law that protects the privacy and rights of individuals. It aims to enforce the responsibilities of companies and individuals who process their personal data.

The initial definition of the term “personal data” was provided in the Philippines’ Republic Act 8792, which is also known as the eCommerce Act. It was then introduced by the DTI through an administrative order.

The first draft of the law was created in 2001 by the ITECC Legal and Regulatory Committee, which was headed by Virgilio Pea, a former secretary. It was chaired by lawyer Claro Parlade.

The Privacy and Security Sub-Committee was composed of Albert Dela Cruz, who was the President of the Philippine Cybercrime Enforcement Agency (PHCERT), and Atty. Eldred Meneses of the NBI. The presidential management staff handled the functions of the CICT Secretariat.

The committee was established to address the concerns about the security and privacy of individuals’ personal data. It was composed of Dela Cruz and Meneses, who was the head of the NBI’s cybercrime division. The presidential management staff handled the operations and administrative functions of the CICT Secretariat.

Due to the concerns raised by the IBPAP regarding the lack of a comprehensive data privacy law in the country, the Senate Bill 2965 and House Bill 4115 were passed by the Philippine Congress on June 6, 2012. On August 15, 2012, President Benigno Aquino III signed the legislation. The law was influenced by the various international agreements that were related to the protection of personal data.

In March 2016, Raymund Liboro was appointed as the head of the newly established Privacy and Security Commission. Ivy Patdu and Damian Mapa joined him as its two deputy commissioners. They continued serving their roles under the presidency of President Duterte.

After extensive consultations with various groups, including private organizations and civil society organizations, the implementing regulations and rules of the Data Privacy Act were released on August 24, 2016. They took effect on September 9, 2016.

In May 2016, the commission conducted an investigation regarding the Commission on Elections security breach. It was one of the biggest security breaches in the country involving holding personal data. On February 21, 2017, the National Police announced that the agency was investigating the theft of a computer that contained voters’ personal data.

The commission started to coordinate with other agencies and organizations in the country to address the various concerns about the protection of personal data. In 2016, it was accepted as a member of international organizations focused on protecting personal data.

Purpose of NPC

The NPC shall promote fairness in data collection, processing, and use to protect personal information and create a culture of privacy. They will also foster a fair market for technology providers with integrity and excellence in public service, so that we may achieve our vision of a competitive, knowledge-based, and innovative nation.

The agency is guided by its vision and mission which is to be a world-class regulatory and enforcement agency that upholds the right to privacy and data protection while ensuring the free flow of information, committed to excellence, driven by a workforce that is highly competent, future-oriented, and ethical; towards a competitive, knowledge-based and innovative nation.

At the same time, its mission is to ensure that personal data are processed responsibly and with due regard for the right to privacy. They shall provide key legal and technical advice on matters related to data protection laws and regulations, review them, ensure compliance with international standards, provide training and awareness programmes on information security and privacy issues, issue licences for collecting personal data, perform inquiries into breaches of privacy laws, prosecute violators following their best efforts as enforcers, enforce civil liabilities imposed by law, implement laws and regulations related to data privacy in all other aspects of governance.

Functions and Responsibilities

As the country’s data protection authority, the NPC will be responsible for the following:

The NPCD shall be responsible for ensuring compliance with the Personal Data Protection Act (PDPA). It can issue directives to protect individuals from any violation of their rights under this law. The NPCD can conduct investigations into breaches of privacy laws and prosecute violators. It has powers to levy fines against offenders in cases where monetary compensation is not possible or appropriate.

List of Programs and Services

The NPC, in its bid to ensure the protection of individuals’ personal data, offers a range of programs and services. These include:

Privacy, Safety, Security, and Trust Online (PSST!): The goal of the PSST! campaign is to raise awareness about the importance of data subjects in creating a secure and resilient digital space. This campaign also aims to empower digital citizens by providing them with the necessary tools and resources to protect their personal information.

The importance of protecting the privacy of your personal information has become more apparent as the rapid emergence and evolution of new platforms and methods of providing services has raised concerns about the potential risks of unauthorized access and use. This is why it is important that both Personal Information Consultants (PICs) and Personal Information Professionals (PIPs) are aware of the various risks associated with these changes.

The National Privacy Commission is committed to providing its citizens with the necessary tools and resources to protect their personal information. To this end, it will launch a public campaign called PSST!, which stands for Privacy, Security, and Trust Online.

Kabataang Digital: The goal of the Kabataang Digital campaign is to raise awareness about the importance of safe online activities for children. This campaign is carried out through the PSST! Online initiative.

It encourages parents and school officials to educate their children about the importance of digital citizenship and safe choices. It also provides a variety of tools and resources that help parents and children navigate the digital environment.

The Kabataang Digital program aims to promote digital citizenship among Filipino youth, who will be the agents of change on data privacy rights. It also aims to educate young people about the positive uses of technology and the importance of data privacy.

If you want access to resources for the youth, visit the Kabataang Digital initiative. You can also check out the PSST! Online website, which has various resources for parents, teachers and students.

T3 Program: In 2018, the Privacy Commission of the Philippines launched a program aimed at developing the skills of data protection officers in the country. The program aims to provide a framework for DPOs to address the increasing demand for ethical and effective practices.

The DPO ACE program aims to expand the scope and number of trainers who can provide the public with the necessary information about implementing the Data Privacy Act of 2012. This Act was enacted to protect the privacy of individuals.

If you’re interested to apply for the T3 Program, you should do the following:

1. Send a letter of intent to PHIL DPO at In addition to your company name and address, the letter should also include a brief description of your training experience and why you should be considered for accreditation.

2. Submit your documents. You need to gather various documents to determine if you are qualified to participate in the program. These documents can be found in the T3 Procedural Guidelines and the FAQ section. If you would like to submit a digital copy of these documents, please contact the DPO at

3. Evaluation. The agency will begin evaluating your application as soon as they receive all of the necessary documents. They may contact you for more information if necessary.

4. Approval of Accreditation. The agency will issue a Certificate of Accreditation once they have found you qualified for the position. A digital copy of this certificate will be sent to you via email and other documents related to your offer letter and employment contract.

5. Maintenance of Accreditation.

Once you are accredited, you need to be sure that all your internal policies and procedures conform with applicable standards.

Online Services:

DPO Registration: The NPC provides a digital platform where you can register your company and its accreditation. This will allow the NPC to verify that you are accredited by a recognized body and provide other services such as sending out official documents and notices. You can access this online service from any device with internet access.

Appointing a Data Protection Officer: A Data Protection Officer is a legal requirement for both personal information processors and personal information controllers. This individual should be able to ensure that the organization’s policies and procedures are followed properly when it comes to protecting the privacy of the data collected. In today’s information age, it is very important that organizations have a dedicated focal person who is responsible for protecting the privacy of the data they collect.

A DPO can help you remain competitive and improve your customer service by ensuring that your procedures and policies are followed properly. It can also help you grow public awareness about the importance of protecting personal data.

Privacy Impact Assessment: A privacy impact assessment is a tool that aims to evaluate the potential impacts of a process or initiative on the privacy of individuals. It can be used to identify areas of concern and develop effective measures to address these issues.

A privacy impact assessment report may contain documentation related to the measures taken to address the issue of risk treatment. It can also be used to identify areas of concern and develop effective measures to address these issues. A PIA is more than just a tool. It’s a process that starts at the initial stages of an initiative and is designed to ensure that the privacy of individuals is protected.

The process of conducting a privacy impact assessment is carried out on an ongoing basis, even after the project has been deployed. It can be used to identify areas of concern and develop effective measures to address these issues.

Creating a Privacy Manual: This document is designed to comply with the requirements of the Data Privacy Act of 2012 and the various other policies and procedures related to protecting personal data. This organization values and respects the privacy of its customers and employees. It ensures that all of the information it collects is processed in a manner consistent with the principles of transparency, lawful purpose, and proportionality.

This document will help you understand how we protect and secure the information we collect. It will also provide you with the necessary tools and resources to exercise your rights under the law.

Implementing Privacy and Data Protection Measures: This organization implements various measures to ensure that the information it collects is protected from unauthorized access and misuse.

Exercising Breach Reporting Procedures: All security incident reports and breach notifications that must be submitted through the DBNMS online platform will be handled through the same process. However, submissions through various modes of physical submissions, such as mail, email, and licensed courier service, are not considered valid.

Video: Privacy.Gov.PH: Government at the Forefront of Protecting the Filipino in the Digital World

Privacy.Gov.PH: Government at the Forefront of Protecting the Filipino in the Digital World, was the first data privacy summit in the Philippines. Here are the highlights of the two-day event, in which over 250 attendees learned the basics of compliance with the Data Privacy Act of 2012 and participated in workshops of several areas of focus.

Frequently Asked Questions

1. When was the data privacy law passed in the Philippines?

Due to the concerns raised by the IBPAP regarding the lack of a data privacy law in the country, the Philippine Congress passed House Bill 4115 and Senate Bill 2965 on June 6, 2012. On August 15, 2012, President Benigno Aquino III signed Republic Act 10173, a follow-up to the previous legislation. The new law was based on the recommendations of the APEC Privacy Framework and the European Union’s Data Protection Directive.

2. What is the data privacy act of 2012?

The Philippines’ Data Privacy Act of 2012 is the country’s first law that gives individuals more control over their personal data. It aims to protect the privacy and security of their information.

3. What is the role of the Commission in the protection of personal data?

The Commission has various policies and procedures that it uses to protect the privacy of individuals. These include the establishment of data protection guidelines and circulars.

4. When did the Data Privacy Act take effect?

It took effect on September 9, 2016.

5. When was the Anti-Cybercrime Bill passed?

The first draft of the Anti-Cybercrime Bill was introduced in 2001. It was developed by the ICTEC Legal and Regulatory Committee, the same group that developed the CICT.

6. What is NPC service?

The NPC uses a third-party service to collect non-identifiable web traffic data. This service does not share this information with other parties.

7. What happens when you give out personal information?

These types of incidents often lead to identity theft, fraud, and damage to reputations. Organizations and individuals can also be affected by these types of crimes.


The NPC upholds the right to privacy and freedom of expression while protecting the country from cybercrime. Filipinos need to understand their rights when it comes to data privacy and be responsible users of the internet.

As an agency, the NPC offers various services to help Filipinos protect their privacy and security online. The NPC is committed in implementing the NDCMP, especially its elements on data protection and privacy, as well as in addressing issues related to data security.

Now, more than ever, we hope that Filipinos will be aware of the importance of data security and privacy, and that we all play a role in protecting our country from cybercrime. To foster this kind of awareness and responsibility, the NPC will continue to provide people with information about how they can protect the privacy of their personal data and about what they should do if they suspect that their data has been compromised.

READ NEXT: Data Protection and Privacy Act in the Philippines

Contact Information

Address: 5th Floor, Delegation Building Philippine International Convention Center PICC Complex, Roxas Boulevard, Manila, 1307
Telephone Number: 234-22-28
Facebook Page:
Google Map Location:


Leave a Comment