The Securities and Exchange Commission has ordered the stringent cybersecurity compliance among market participants after several companies reported a data breach.
The SEC in a letter reminded the Philippine Stock Exchange and Philippine Dealing & Exchange Corp. and all market participants to comply with the requirements of the data privacy laws and data protection regulation which might have impact on processes of private entities.
The SEC issued the order after several companies, including ABS-CBN Corp., Jollibee Foods Corp., COL Financial, Wendy’s Philippines, reported data breach that might have exposed the personal and financial information of their customers and clients.
The Data Privacy Act of 2012 aims to protect personal data in the information and communications systems both in the government and private sectors.
It requires organizations processing personal data to develop policies and implement measures to protect personal data under their custody.
The SEC also ordered all market participants to submit a comprehensive information technology plan and subject their IT, trading, business continuity, disaster recovery and risk management systems to a regular review and audit by independent firm.
“These are designed to ensure that trading in the market are efficient, not interrupted and not susceptible to glitches, as well as for the protection of personal and other data against any accidental or unlawful destruction, alteration and disclosure, and against any other unlawful processing,” the SEC said.
The requirement is provided under the Securities Regulation Code.
The SEC said all market participants were required to submit compliance report within 30 days.