Search for:
Asia-Pacific

Philippines: COVID-19 – Guidelines for proper handling of customer and visitor information for contact tracing issued by the National Privacy Commission

By , and 3 Mins Read

In brief

On 8 July 2020, the National Privacy Commission (NPC) released NPC PHE Bulletin No. 15 to guide establishments on the proper handling and protection of personal data collected from customers and visitors of barbershops, salons, restaurants, and fast-food businesses, in relation to the guidelines covering such establishments issued by the Department of Trade and Industry (DTI).

Contents

    1. Collect only what is necessary. Collection of personal data should be limited to only such information as required under existing government issuances and the processing of such should be proportional to the purpose of contact tracing. Establishments may adopt sample health checklist forms issued by government agencies.
    2. Be transparent. Establishments should inform their customers and visitors of the collection of their personal data and the reasons for such collection. This can be done by posting a privacy notice which is readily visible within the establishment’s premises or, if electronic means is used, posted in the platform prior to collection. The privacy notice should be easy to access and understandable, and must use clear and plain language.
    3. Use information only for the declared purpose. Repurposing the use of personal data collected for purposes other than contact tracing and storing data for speculative use is not allowed. Establishments are responsible for reminding their employees and third-party service providers, such as security personnel, that doing is punishable under the Data Privacy Act of 2012 (DPA).
    4. Implement security measures. Establishments have the obligation to implement reasonable and appropriate safeguards (organizational, physical, and/or technical security measures) to protect the personal data of their customers and visitors against any accidental or unlawful processing, alteration, disclosure, and destruction.
    5. Keep the data only for a limited period. All personal data collected for the purpose of contact tracing shall be retained only for a period allowed by existing government issuances. After which, all personal data should be disposed of in a secure manner.

Actions to consider

Clients who are part of the covered establishments are advised to strictly comply with the guidelines to prevent any data privacy and security issues from arising. The bulletin is also a helpful guide for clients who may not be engaged in the aforementioned industries, but have reopened their establishments or are planning to reopen in the near future. Clients are advised to review their current data privacy and security measures and protocols to ensure that these are up-to-date.

1. DTI Memorandum Circular No. 20-37

2. DTI Memorandum Circular No. 20-28

*In cooperation with Quisumbing Torres, a member firm of Baker & McKenzie International, a Swiss Verein. Please contact [email protected] for inquiries

Categories:
Author

Bienvenido Marquez III is a partner and head of Quisumbing Torres' Intellectual Property, Data and Technology Practice Group. He also co-heads the Consumer Goods & Retail Industry Group and is a member of the Technology, Media & Telecommunications Group. He participates in initiatives of Baker & McKenzie International of which Quisumbing Torres is a member firm. He is a member of Baker McKenzie's Asia Pacific Intellectual Property Steering Committee and the Asia Pacific Intellectual Property Business Unit for Brand Enforcement. He is immediate Past President of the Philippine Chapter of the Licensing Executives Society International (2019-2021), and is currently co-chair of the LESI Asia Pacific. He is also a member of the Anti-Counterfeiting Committee of the International Trademarks Association (INTA). Bien has vast experience in handling IP enforcement litigation, trademark and patent prosecution and maintenance, copyright, data privacy, information security, IT, telecommunications, e-commerce, electronic transactions, cyber security and cybercrime. He has been consistently ranked as a leading individual for Intellectual Property and TMT in Legal 500 Asia Pacific, Chambers Asia Pacific, asialaw Leading Lawyers, Managing IP Stars, Asia IP, and World Trademark Review. He was also recognized as a Volunteer Service Awardee by INTA in 2018.

Author

Divina Ilas-Panganiban is a partner in Quisumbing Torres’ Intellectual Property and Information Technology & Communications practices. She has 15 years of experience in the fields of intellectual property law, commercial law and litigation. She currently serves as the Vice-President and Director of the Philippine Chapter of Licensing Executives Society International. Ms. Panganiban often serves as resource speaker in local and international seminars on IP and IT laws.

Author

Reena Mitra-Ventanilla is a partner in Quisumbing Torres’ Intellectual Property, Data and Technology Practice Group. She is a member of the Consumer Goods & Retail and Financial Institutions Industry Groups. She has 13 years of experience handling intellectual property and technology matters. She is currently the corporate secretary of the Philippine Chapter of the Licensing Executives Society International and the assistant corporate secretary of the Philippine Franchise Association. Reena is recently cited as a Next Generation Partner in Intellectual Property by the Legal 500 Asia Pacific 2021.

Related Posts