Data privacy is about protecting the privacy of personal information. However, processing and sharing of personal information are allowed when it is needed to protect people's health and well-being. Or when public order and safety require it.
In the February 4, 2020 Senate probe on the nation’s response to the Coronavirus threat, the DOH Secretary informed the Health Committee that contact tracing of passengers was being delayed because of the Data Privacy law, an excuse presumably given by the airlines for not providing the names and contact numbers of passengers who were in the same flight as the victim infected with the virus was.
The Data Privacy Law allows legitimate processing of personal data when provided for by existing laws and regulations or to protect the life and health of the data subject or another person. In fact, withholding useful contact numbers (phones or addresses) of persons whose health may be at risk or worst may affect the health of others, as in the spread of a deadly disease, is in itself a crime.
Surely the airlines, the DOH, and all other task group members carrying out the task of preventing or limiting the spread of the coronavirus are aware that the Data Privacy law cannot be an acceptable excuse for the continued delay in the contact tracing effort of the DOH, the lead agency in preparing the country’s defense against the virus intrusion.
The Data Privacy law requires that all companies—public and private—must comply with the proper protection of personal information of data subjects, with notable exceptions. In the case of the Coronavirus, the whole country’s health and well-being depend on everyone noting this exception.
But to what extent can this sensitive personal information be used without violating the personal data privacy of the identified passengers? To the extent that said access, use, and processing of collected personal data, be handled and processed accordingly by authorized personnel only. That means all authorized personnel should be properly oriented and trained to carry out the proper use, handling, and processing of personal data entrusted in their care and protection, in accordance with the provisions in the Data Privacy Law. And if they are not trained in Data Privacy protection?
The question then becomes: are those entrusted with passengers’ personal data, duly trained to protect the personal data in accordance with the lawful provisions in the Data Privacy Act of 2012?
If not trained in protecting personal data, the DOH, the Airlines, the PNP and all the appointed and assigned team members and personnel of the Coronavirus Task Force would be in violation of the Data Privacy law!
The need for Data Privacy training becomes of paramount importance to safeguard both the privacy of personal information as well as the health and well-being of all those affected or suspected to have been exposed to the Coronavirus.
Learn all about Data Privacy Compliance now!