The National Privacy Commission (NPC) launched the Data Breach Notification Management System (DBNMS) which enables a simpler and faster method of handling Personal Data Breach Notifications as well as Annual Security Incident Reports.

As per the mandate of the NPC Circular No. 16-03, the DBNMS brings into conformity and automates the system such that personal information controllers (PICs) will find it easier to submit Personal Data Breach Notification. It is a stark contrast to the previous manual process, which came with its extensive constraints, including concerns over public transparency.


By design, any PIC, including those with multiple offices and branches, will only have a single account in the DBNMS. However, in cases where the PIC has affiliations to other related entities or companies, each such connection must be registered into the system separately. Said company or entity plays a critical role in the maintenance and submission of reporting requirements to the NPC.

Effectively, with the DBNMS, the National Privacy Commission will no longer be taking Breach Notification and Annual Security Incident Report submissions through any other means aside from the online platform. More accurately, any presentation committed via email, ordinary mail, personal filing, licensed courier service, and any other method that involves physical submission will be deemed invalid.

To access the NPC DBNMS, check out the official website here:

Leave a comment

Your email address will not be published. Required fields are marked *