The National Privacy Commission (NPC) has warned online merchants or sellers against the unauthorized disclosure or processing and improper disposal of their customers’ personal data, which are prohibited acts under the Data Privacy Act of 2012 (DPA).
Instances of alleged bogus online sellers in Cebu have been brought to the attention of the NPC. These online sellers allegedly sent items to individuals who did not purchase them. These sellers may have acquired the individuals’ personal data through misuse, malicious disclosure, or improper disposal of information.
Under the DPA, online stores are required to employ reasonable and appropriate organizational, physical and technical security measures, the same way physical stores are mandated to perform, the privacy body said.
Section 25 of the Implementing Rules and Regulations of the DPA states that security measures must be intended to prevent “accidental or unlawful destruction, alteration, and disclosure, as well as against any other unlawful processing” of personal data.
“We call on owners and operators of online stores to adopt best data privacy practices and to always observe compliance with the Data Privacy Act. The lack of security and privacy practices compromises your customers’ personal data, which can only lead to your loss. Consumer trust, your income, and your reputation will suffer when unauthorized disclosure of personal data happens,” NPC chair Raymund Liboro said.
Online sellers are strongly advised to do the following:
- To collect only personal data that is necessary to the transaction;
- To be transparent by providing a privacy notice on their respective websites;
- To use customers’ personal data only for the declared purpose;
- To keep the data for a limited time;
- To securely dispose of such data, that would prevent further processing and/or unauthorized access or disclosure.
The NPC likewise urged online shoppers to do their part in protecting their personal data. In September last year, the agency shared an online shopping safety video under the PSST (Privacy, Safety, Security, and Trust) campaign to educate buyers on how to have a safe and secure online shopping experience.
Online shoppers are urged to “check them out before you check out” and read first the online shopping website or app’s privacy notice before transacting.
“Remember that explicit consent is needed before they can use personal data for secondary purposes (e.g., marketing, surveys) and avoid sharing more personal data than what is needed to complete the online purchase. Also, using a unique username and strong password for online shopping accounts is a must,” the NPC said.
The agency also encouraged the general public to purchase only from legitimate, trustworthy, and secure online shopping websites. These secure websites have URLs that begin with HTTPS and have the padlock sign or image, it said.
“In addition, online shoppers are reminded to check the website for security certificates based on international standards,” it said.