THE National Privacy Commission (NPC) said in a statement that contact-tracing organizations must not collect unnecessary information in their forms, such as signatures.
In a statement Thursday, an NPC lawyer, Stephen John Duma of the commission’s Compliance and Monitoring office, said: “In every aspect of the data processing cycle, activities must observe the basic principles of transparency, legitimate purpose and proportionality.”
The commission said it has been receiving reports about private and public organizations collecting signatures and personal data that it considers unnecessary for contact tracing.
The NPC said organizations’ data protection officers must provide clear and accessible privacy notices to inform people about the collection and storage of their personal data. The privacy notices must also include the legal basis of the collection and the parties to whom the data will be given.
“Detailed information on the relevant personal data flows must be provided. You should have a clear way of employing these activities and show in your privacy notices that they have adequate organizational, physical and technical capacity to protect data from collection to disposal,” Mr. Duma said.
The NPC said it can give businesses guidance on creating policies that will ensure data privacy.
In April, the commission said that data collection mobile apps should collect the minimum data necessary for contact tracing. — Jenina P. Ibañez