THE National Privacy Commission (NPC) is inviting entities to come forward and file complaints against those which may committed data privacy violations in relation to the new coronavirus disease 2019 (COVID-19) pandemic.
The NPC is currently conducting an investigation on several breach notifications which involve the unauthorized disclosure of sensitive personal information of 154 suspect, probable and confirmed COVID-19 patients.
“The NPC is now looking into said breach incidents, in accordance with our internal procedures and in collaboration with concerned personal information controllers (PICs), for remediation and other purposes within the bounds of the Data Privacy Act (DPA) of 2012,” said Raymund Liboro, privacy commissioner, in a statement on Saturday.
NPC warned that Section 59a of the implementing rules and regulations of the DPA slaps an imprisonment of one to three years and a fine of P1 million for unauthorized disclosure of personal information.
NPC said punishment for unauthorised disclosure of sensitive personal information is stiffer: Imprisonment is up to five years and fine is up to P2 million.
NPC said between March 15 and April 23, it has received a total 17 COVID19-related personal data breach notifications — 7 were from personal information controllers (PICs) and 10 were from third parties (non-PICs, which include ordinary citizens).
NPC said a total of at least 154 data subjects were affected, composed of suspect, probable, confirmed COVID patients.
NPC will conduct hearings and elevate the cases to the Department of Justice for appropriate action.
