THE National Privacy Commission (NPC) has warned business establishments they may be penalized for up to P5 million if they fail to protect the data listed on contact tracing forms of their customers.
In a statement on Monday, the NPC called on business owners to handle with extra care the data written on contact tracing forms. The agency said firms should understand the gravity of information they have just by collecting basic details from individuals.
Khane S. Raza, director at the NPC’s Compliance and Monitoring Division, said establishments should make a reasonable way to collect data to prevent accidental and unauthorized leakage.
“As you are in the best position to anticipate and manage risks based on your store setup, you should be able to identify points of possible risks for you to develop the security measures appropriate for your operations,” Raza explained.
The NPC said negligent firms may be penalized under the Data Privacy Act with jail time and fines. With a combination of prohibited acts, a violator could be slapped with P5 million in fine and sentenced up to six years behind prison.
Gela Boquiren, head of the Privacy Council for retail and manufacturing, stressed stores should base their contact tracing efforts on the joint memorandum circulars of the government.
The first is the circular issued by the NPC with the Department of Health outlining the process and disclosure of Covid-19 related data for disease surveillance and response. The second is the document released by the Departments of Trade and Industry and of Labor and Employment on the supplemental guidelines on workplace prevention and control of the virus.
“As we start to support our favorite stores physically, we need to accomplish contact tracing forms with correct information so authorities can contact us, just in case,” said Boquiren, who acts as the data privacy officer of San Miguel Corp.
As such, she asked business owners, especially of commercial establishments like malls, to “use proper contact tracing forms and prevent the unauthorized use of customers’ contact details.”
Several business establishments are in hot water after reports of alleged mishandling and misuse of contact tracing data. The NPC reported it is taking steps against these charges on a mall, a fast food, drug store chains, supermarkets, a European fast fashion retailer and a North American coffee shop franchisee.
Chief concerns raised were the improper use of log books and the lack of data protection measures that left in the open filled-out contact tracing forms, which usually contain data on customers’ name, address, contact details, among others.
The government is banking on contact tracing efforts by the private sector
as numerous industries are operating from 50 percent to full capacity. Contact tracing is a crucial step in managing the spread of the virus, as it allows authorities to easily find individuals who may have interacted with someone who contracted Covid-19.
