GUIDELINES FOR SECURITY INCIDENT MANAGEMENT
"Security Incident" is an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity and confidentiality of personal data. It shall include incidents that would result in a personal data breach, if not for safeguards.
"Personal data breach" refers to a breach in security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed. A personal data breach may be in the nature of:
1. An availability breach resulting from loss, accidental or unlawful destruction of personal data;
2. An integrity breach resulting from alteration of personal data; and/or
3. A confidentiality breach resulting from the unauthorized disclosure of or access to personal data.
I. The Data Response Team
A. Constitution of a Data Breach Response Team
The Medical Center Chief as Personal Information Controller constitutes a data breach response team, with one (1) member with the authority to make decisions regarding a critical action, if necessary.
B. Responsibilities of the Data Response Team:
1. Implementation of the security incident management policy;
2. Management of security incidents and personal data breaches; and
3. Compliance by the PIC with the DPA and its IRR and all related issuances by NPC.
C. Specific Functions of the Data Response Team
1. Be ready to assess and evaluate a security incident;
2. Restore integrity to the information and communications system;
3. Mitigate and remedy any resulting damage;
4. Comply with reporting requirements; and
5. Submit a written report addressed to the Data Protection Officer detailing the actions taken in compliance with the IRR.
II. Procedure for Incident Response
A. The Compliance Officer for Privacy (COP) of the unit shall be responsible for the regular monitoring and evaluation of security incidents.
B. The COP shall set in motion the incident response procedure in the event of a possible or confirmed personal data breach.
1. COP shall conduct a preliminary assessment for the purpose of:
a. Assessing the nature and scope of the personal data breach and the immediate damage;
b. Notifying the Data Protection Officer (DPO) with a description of the personal data breach, its root cause, the circumstances regarding its discovery and the immediate actions taken; and
c. With the DPO and the Data Breach Response Team, implementing immediate measures to secure any evidence, contain the security incident and restore integrity to the information and communications system.
C. Documentation: All actions taken by the Data Response Team shall be properly documented and reported to the DPO and PIC, to include:
1. Description of the security incident or personal data breach, its root cause and circumstances regarding its discovery;
2. Actions and decision of the incident response;
3. Outcome of the incident or breach management and difficulties encountered;
4. Compliance with assistance provided to affected data subjects.