THE National Privacy Commission (NPC) said restaurants, barbershops, and salons tasked with collecting data for contact tracing must limit their use of personal client data.

The Trade department’s health guidelines for restaurant dine-in, barbershop, and salon operations require these establishments to collect data from customers for contact tracing in case of a coronavirus disease 2019 (COVID-19) infection within the premises.

The NPC in a bulletin Thursday said the establishments should only process data needed for the purpose of contact tracing, as required by government issuances. The establishments can limit data collection to the type of health checklist forms issued by the government agencies.

The commission said that establishments should inform customers about the reasons behind the data collection, and seek their consent if their data is used for other purposes.

“Owners and top management must remind their staff as well as third-party service providers, such as security personnel, that using the personal data of customers or visitors for any other purpose is punishable under the law,” the commission said in a statement.

They said establishments must make sure that there are reasonable safeguards to protect the personal data against unlawful processing and disclosure. This includes organizational, physical, and technical measures.

NPC added that once the government guidelines are no longer in force, all personal data collected should be securely disposed of to prevent unauthorized use.

Government guidelines ask establishments to hand out health declaration forms or use mobile applications SafePass and Staysafe.ph.

The government has asked the developers of contact tracing app Staysafe.ph to donate the data to the Health department after former Information and Communications Technology Undersecretary Eliseo M. Rio, Jr. in June questioned the effectiveness of the app. — Jenina P. Ibañez

RELATED ARTICLESMORE FROM AUTHOR