[ad_1]
MANILA – The National Privacy Commission (NPC) is investigating various business establishments for possible violations of the Data Privacy Act (DPA) due to improper handling of contact tracing data.
In a statement, the APN said it has received several reports of business establishments “mishandling” contact tracing data, such as improper use of log books leaving filled contact tracing forms open to the eyes of the public. public, using personal data for other purposes. contact tracking, absence of a privacy notice and an unfounded retention period for customer data.
“Several commercial establishments, from a shopping center, drug and fast food chains and supermarkets to a European fast fashion retailer and a coffee shop franchise in North America, have been the subject of citizen reports of contact abuse and misuse. tracking data, ”said the NPC.
Depending on the violations committed, he said companies can be sanctioned under the DPA with up to PHP5 million in fines and imprisonment for a maximum of six years for multiple violations.
NPC Commissioner Raymund Liboro said that the compliance checks that the NPC would carry out in commercial establishments are both pro-consumer and pro-business, as they would help to gain the trust of customers.
“It is possible to build trust if we have cleared up citizens’ doubts about the possible misuse and abuse of their data. Being careful with customer data improves business (being careful with customer data improves one’s business), ”Liboro said.
NPC’s Director of Compliance and Monitoring, Olivia Raza, recommended that companies address public concerns by collecting only the minimum data necessary, providing a transparent data privacy notice, having an adequate data deletion mechanism, enforcing a limited period for data storage and training employees on data privacy. protocols and their application.
He said the NPC compliance checks would serve as an early warning to help companies prevent further complaints that could lead to lawsuits.
If a company receives a deficiency notice after a compliance check, it said its management must “act and address the deficiencies within the prescribed time. Failure to do so may result in orders, such as a cease and desist order. “
Gela Boquiren, head of the privacy council for the retail and manufacturing sector, said that retailers should base their contact tracing forms on two joint memorandum circulars: the “Privacy Guidelines on the Processing and Disclosure of Covid-Related Data. -19 for Disease Surveillance and Response ”from the NPC and the Department of Health and the“ Complementary Guidelines on Prevention and Control of Covid-19 in the Workplace ”from the Department of Commerce and Industry and the Department of Labor and Employment. (PNA)
[ad_2]
