
In brief

On 8 July 2020, the National Privacy Commission (NPC) released NPC PHE Bulletin No. 15 to guide establishments on the proper handling and protection of personal data collected from customers and visitors of barbershops, salons, restaurants, and fast-food businesses, in relation to the guidelines covering such establishments issued by the Department of Trade and Industry (DTI).


Contents

    1. Collect only what is necessary. Collection of personal data should be limited to only such information as required under existing government issuances and the processing of such should be proportional to the purpose of contact tracing. Establishments may adopt sample health checklist forms issued by government agencies.
    2. Be transparent. Establishments should inform their customers and visitors of the collection of their personal data and the reasons for such collection. This can be done by posting a privacy notice which is readily visible within the establishment’s premises or, if electronic means are used, posted on the platform prior to collection. The privacy notice should be easy to access and understandable, and must use clear and plain language.
    3. Use information only for the declared purpose. Repurposing personal data collected for purposes other than contact tracing and storing data for speculative use are not allowed. Establishments are responsible for reminding their employees and third-party service providers, such as security personnel, that doing so is punishable under the Data Privacy Act of 2012 (DPA).
    4. Implement security measures. Establishments have the obligation to implement reasonable and appropriate safeguards (organizational, physical, and/or technical security measures) to protect the personal data of their customers and visitors against any accidental or unlawful processing, alteration, disclosure, and destruction.
    5. Keep the data only for a limited period. All personal data collected for the purpose of contact tracing shall be retained only for the period allowed by existing government issuances. After that period, all personal data should be disposed of in a secure manner.

Actions to consider

Clients who are part of the covered establishments are advised to strictly comply with the guidelines to prevent any data privacy and security issues from arising. The bulletin is also a helpful guide for clients who may not be engaged in the aforementioned industries, but have reopened their establishments or are planning to reopen in the near future. Clients are advised to review their current data privacy and security measures and protocols to ensure that these are up to date.

1. DTI Memorandum Circular No. 20-37

2. DTI Memorandum Circular No. 20-28

*In cooperation with Quisumbing Torres, a member firm of Baker & McKenzie International, a Swiss Verein. Please contact [email protected] for inquiries

Author

Bienvenido Marquez III is a partner and head of Quisumbing Torres' Intellectual Property Practice Group and Information Technology & Communications Industry Group. He is also a member of Baker McKenzie's Asia Pacific Intellectual Property Steering Committee. He is experienced in handling IP enforcement litigation, trademark and patent prosecution and maintenance, copyright, data privacy, information security, IT, telecommunications, e-commerce, electronic transactions and cybercrime matters. He also counsels clients on compliance with consumer product laws, including packaging, labeling and regulatory requirements for food, drugs and devices and cosmetics, and conducts administrative litigation relating to the same.

Author

Divina Ilas-Panganiban is a partner in Quisumbing Torres’ Intellectual Property and Information Technology & Communications practices. She has 15 years of experience in the fields of intellectual property law, commercial law and litigation. She currently serves as the Vice-President and Director of the Philippine Chapter of Licensing Executives Society International. Ms. Panganiban often serves as resource speaker in local and international seminars on IP and IT laws.

Author

Reena Mitra-Ventanilla is a partner in Quisumbing Torres’ Intellectual Property Practice Group. She has about twelve (12) years of experience handling intellectual property rights prosecution, litigation and enforcement. For a time, she also practiced civil, criminal, labor and maritime laws. She is currently the corporate secretary of the Licensing Executives Society Philippines and the assistant secretary of the Philippine Franchise Association.