How Blancco Helps Organizations Comply with Philippines Central Bank Circular 982

Cyberthreats pose an increasing risk to financial services organizations worldwide, including those in the Philippines. To strengthen the security posture of Bangko Sentral supervised financial institutions (BSFIs), Bangko Sentral ng Pilipinas, the Central Bank of the Philippines, issued Circular No. 982 in late 2017. Since the designated year for coming into compliance has now passed, BSFIs are being held accountable for implementing the Circular’s enhanced guidelines on information security management.

What is a Cyberthreat?

Circular 982 defines a cyberthreat (or, “cyberattack,” “cyber fraud” or “cyber-related incident”) to be “a deliberate act of omission or commission by any person carried out using the internet and/or other electronic channels, in order to communicate false or fraudulent representations to prospective victims, to conduct fraudulent transactions, or to illegally obtain proprietary data or information related to the institution, their customers and other stakeholders.” [Emphasis added.]

For financial institutions and other organizations, this proprietary content includes sensitive data being actively used for carrying out business. It also includes data that is being transferred from one device to another or data that has reached the end of its retention period or usefulness. In either instance, confidential data can be vulnerable without proper data erasure processes in place.

How Does Circular 982 Affect Philippine BSFIs?

Under the new regulation, BSFIs must report major cyber-related incidents and financial services and operations disruptions within two hours of discovery. BSFIs are also directed to protect information throughout its lifecycle, from handling, storage (data at rest) and transmission (data in transit) through to the disposal phase.

Circular 982 guidelines also intersect with other data privacy and protection regulations, including The Law on Secrecy of Bank Deposits, the Data Privacy Act of 2012 and the requirements of the Payment Card Industry Data Security Standard (PCI DSS). Data erasure plays a critical role within each of these data protection mandates.

The Role of Data Erasure in Philippine Information Security Management

A robust data sanitization program limits the amount of data that can be exposed during a breach and enables compliance with complementary financial privacy and security regulations.

The following table shows how integrating Blancco data erasure solutions could fit within your institution’s information security program (ISP) and information security strategic plan (ISSP) to ensure compliance with Circular 982.
