Repurposing personal data is punishable under the Data Privacy Act (DPA), the NPC said in an advisory issued on October 23 in response to complaints from citizens against business establishments over mishandling and misuse of contact-tracing data, such as a customer’s name, address, age, cellphone number and e-mail.
Category: Data Privacy
As a privacy advocate, I feel there are so many other things to be said about how the government has handled this task of helping businesses set up their respective contact tracing systems.
The NPC said the chief concerns were the improper use of logbooks and the lack of appropriate data-protection measures that left in the open filled-out contact-tracing forms that contain customers’ data, such as names, addresses and contact details, which other people could see.
The guidelines cover areas such as online decorum, learning management systems, online productivity platforms, social media, storage of personal data, webcams and recording videos of discussions, and proctoring.
The suggestion of some business groups to temporarily suspend the Data Privacy Act (DPA) is wrong in so many ways, ill-conceived, shortsighted, and ultimately irresponsible.
In a strongly-worded statement, the privacy body said science and medical ethics dictate that publicly naming Covid-infected individuals is counterproductive and won’t help in decreasing the transmission of infection.
Among the guidelines contained in Advisory No. 2020-1 that the Data Privacy Council Education Sector issued recently is that schools must consider getting the consent of the parent or legal guardian of students below 18 years old before webcam-supported online discussions are recorded.
The statement comes in light of inquiries and information communicated to National Privacy Commission that private establishments as well as some government agencies collect signatures and other personal data that are immaterial in contact-tracing efforts.