Under the Data Privacy Law, you cannot disclose sensitive passenger information unless...
The Data Privacy Law requires all employees in the company or agency of government to be trained on how to protect the privacy of personal information.
That includes training the president, down to the cleaning lady and the security guard on how to protect personal information.
Because ignorance of the law puts the personal data privacy of employees and other data subjects (passengers included) at great risk.
In the case of the coronavirus or COVID-19 threat to public health and safety, although airlines are allowed and required, to disclose names and contact information of passengers who may have been exposed to the deadly virus, this must be done only if those giving out the personal information and those receiving the same personal information are duly trained in the rightful and "legal" way of protecting the data privacy rights of passengers or any other affected data subjects.
In short, if those giving out and receiving any personal information are not trained in data privacy protection, they should be.
The companies (airlines) and in this case the agencies of government or their representatives (task force members) although deemed responsible, will violate the Data Privacy Act of 2012 if they are not data privacy trained to give, use, and receive personal information.
The Implementation Rules and Regulation (IRR) of RA 10173, otherwise known as the Data Protection Act of 2012, outlines the data protection measures in collecting, using, sharing, storing, and disposing of personal information.
Let's train and orient our people on the proper implementation of the data privacy law as we move forward to prevent further intrusion and harm from all health hazards coming our way.
For those still trying to comply with the data privacy law, you can comply now. Click here to find out how: https://www.pvpi.co/dataprivacycompliance