Software teams developing Covid-19 contact-tracing apps for local government units (LGUs) are advised to incorporate a privacy-by-design (PbD) approach and allow users to opt in and out of digital contact tracing.
The capture, use, retention and destruction of video and/or audio footage obtained from CCTVs are forms of personal data processing under the Data Privacy Act.
Repurposing personal data is punishable under the Data Privacy Act (DPA), the NPC said in an advisory issued on October 23 in response to complaints from citizens against business establishments over mishandling and misuse of contact-tracing data, such as a customer’s name, address, age, cellphone number and e-mail.
As a privacy advocate, I feel there are so many other things to be said about how the government has handled this task of helping businesses set up their respective contact tracing systems.
The NPC said the chief concerns were the improper use of logbooks and the lack of appropriate data-protection measures that left in the open filled-out contact-tracing forms that contain customers’ data, such as names, addresses and contact details, which other people could see.
The guidelines cover areas such as online decorum, learning management systems, online productivity platforms, social media, storage of personal data, webcams and recording videos of discussions, and proctoring.
The suggestion of some business groups to temporarily suspend the Data Privacy Act (DPA) is wrong in so many ways, ill-conceived, shortsighted, and ultimately irresponsible.
In a strongly-worded statement, the privacy body said science and medical ethics dictate that publicly naming Covid-infected individuals is counterproductive and won’t help in decreasing the transmission of infection.