THE National Privacy Commission (NPC) is looking into the alleged mishandling of contact tracing information obtained by several establishments from customers who visit their shops.
“The chief concerns were the improper use of logbooks and the lack of appropriate data-protection measures that left in the open filled-out, contact-tracing forms that contain customers’ data, such as names, addresses and contact details, which other people could see,” NPC said in a statement.
The NPC did not name the establishments. It only said the subject of complaints were malls, supermarkets, fast-food and drugstore chains, a European fast-fashion retailer, and a North American coffee shop franchise holder.
Under the Data Privacy Act, violators face a fine of up to P5 million and imprisonment of a maximum of six years.
Khane Raza, director of the NPC Compliance and Monitoring Division, said the agency met on October 9 with data protection officers from the privacy council for the retail and manufacturing sector to guide their contact-tracing practices, including ensuring no “accidental and unauthorized viewing” of collected data.
Raza the retail and manufacturing sector was advised to ensure that their firms adopt best data-privacy practices, such as collecting the minimum necessary information; providing transparent data privacy notice; having proper disposal mechanism; imposing a limited period for storage; and training employees on data privacy protocols.
Presidential spokesman Harry Roque urged private firms to comply with data privacy guidelines.