UPON entering a call center in Ortigas, applicants must surrender an ID in exchange for an NFC-equipped card to gain access to various parts of the HR department for tests and interviews. The IDs collected are sorted into a transparent, plastic and numbered pigeonhole for later retrieval. Everything collected is in full view of the person surrendering his ID.
In the other side of town, in a building owned by a transport cooperative in Manila, visitors going to a seaman’s center log in with their names, cellphone number and surrender their IDs which are placed into a curious box with clips to fasten numbers corresponding to tags that people entering clip to their shirts. Retrieval of the IDs require some work coming out of the curious box.
At a car dealer in Dagupan, agents take photos of buyers’ faces with their phone camera for later uploading to the dealer’s computers. Same is done for IDs like licenses and passports because the office scanner is normally full processing customers. There is no regulation or policy on how the photos are stored just a statement that it will be deleted upon uploading to the database.
Entering a village in Quezon City from Luzon Ave., the guards at the gate will take the driver’s license and put it in front of the CCTV camera to be captured briefly. Refusal to do so means exiting the village gate by a u-turn back into Luzon Ave.’s perpetually heavy traffic.
Recently, the National Privacy Commission (NPC) released guidelines on capturing sensitive personal information on the face of identification cards like licenses and passports. Capturing and storing these without proper guidelines or policies can lead to data breaches and fraud.
The Data Privacy Act of 2012, is firm in the implementation of related regulations and the imposition of penalties and administrative fines to ensure data protection and security. Organizations handling personal data must understand the gravity of non-compliance and the potential repercussions.
It outlines the need for consent–explicit consent–from individuals must be secured, especially when it comes to sensitive personal information like those that appear in a driver’s license or an SSS ID. It is also very particular about creating and posting privacy notices that are clear, comprehensive, and transparent The NPC notes that “this notice should outline the purpose of the data processing, security measures in place, retention period, and limitations on its use.”
A communique issued by the agency indicates that “stringent policies must be enforced to ensure that photos taken via personal devices adhere to company protocols and DPA requirements. Implementation of encryption, access controls, and other tools can prevent misuse.”
And equally important is the proper disposal of data in terms of timing, procedure. This now becomes part of the audit process. The NPC warns that well-defined policies and procedures must be in place “for the timely disposal and deletion of captured photos once their intended purpose is fulfilled. PICs should carry out audits to verify compliance with these policies.”
The growing digitalization of personal information necessitates stringent privacy measures. By adhering to the NPC’s guidelines, businesses and organizations can safeguard sensitive data, respect individuals’ privacy, and contribute to a secure digital environment. The importance of respecting personal information cannot be overstated, and implementing these practices is a crucial step towards a safer data landscape for everyone involved.
