By James A. Loyola
The Securities and Exchange Commission (SEC) has ordered the Philippine Stock Exchange, Philippine Dealing and Exchange Corporation, listed companies and other market institutions to comply with data privacy laws and data protection regulations.
In a statement, the SEC said that, “aside from the Data Privacy Act and the EU General Data Protection Regulations, the Securities Regulation Code rules mandate market participants to have comprehensive information technology plan.”
They are also required to subject their IT, trading, business continuity, disaster recovery and risk management systems to a regular review and audit by independent firm.
“These are designed to ensure that trading in the market are efficient, not interrupted and not susceptible to glitches, as well as for the protection of personal and other data against any accidental or unlawful destruction, alteration and disclosure, and against any other unlawful processing,” said the SEC.
The market institutions, including listed companies and stock brokers, are required to submit compliance report within 30 days.