Privacy issues amid COVID-19

You are here: / / / Privacy issues amid COVID-19

Privacy issues amid COVID-19

Published in Daily Tribune on August 14, 2020
by: Vanessa Arrha A. De Leon

One of the dilemmas employers face in this pandemic is the extent to which sensitive medical information of a COVID-19 positive employee may be disclosed. The National Privacy Commission (NPC), in several bulletins, answered this question, making sure to balance the right to data privacy with the necessity of using personal data in the fight against COVID-19.

The Data Privacy Act (DPA) of 2012 defines processing of personal data as any operation performed upon personal information, including its collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction. The performance of any of the above operations makes the employer a personal information controller (PIC) under the DPA, which gives rise to certain obligations.

One area of concern is the collection and disclosure of health-related personal information especially now when mishandling of personal information may cause serious consequences to a person such as bias and discrimination. NPC succinctly puts its policy on this subject as follows: “Collect what is necessary. Disclose only to the proper authority.”

Per NPC PHE Bulletin 14, employers are empowered to collect additional personal data, including health information, from employees during the pandemic. The collection may range from taking the temperature of employees to asking the employees to fill out and submit declaration forms containing screening questions such as symptoms of COVID-19, travel history, etc.

To comply with the DPA, the collection should be limited only to relevant data like symptoms and travel history, which could help the Department of Health (DoH) in contact-tracing. The employee need not consent to the collection but NPC suggests that a privacy notice be issued to inform employees of its purpose.

On the matter of disclosure of employee health data related to COVID-19, it is limited to: 1) the DoH; 2) entities authorized by the DoH; and 3) entities authorized by law, making sure to follow all existing protocols on the matter. When disclosing to these entities, the consent of the concerned employee is not necessary.

With respect to intra-company disclosure of the identity of COVID-19 positive employees, the employer may not make such disclosure, following NPC’s “Disclose only to the proper authority” policy. NPC, in PHE Bulletin No. 3, stressed that the company may inform the employee body without necessarily revealing the identity of those who are COVID-19 positive. Per NPC, revealing the identity of COVID-19 positive employee/s would offer no real benefit because should someone in the company tests positive, the guidelines and corresponding protocols for PUM/PUI would be activated and generally cover everyone.

When faced with these questions, the employer may need to consult a health professional (to determine those who are at risk of infection) and a lawyer (to make sure that the data processing and disclosure complies with the DPA).

While the DPA provides less stringent conditions or criteria on the processing and disclosure of personal information during national emergency or when the processing or disclosure is necessary to protect interests such as life and health or for purposes of medical treatment, there is no question that there is a need to balance the individual’s and the community’s rights. Hence, the DPA places great responsibility and obligations upon employers as PIC. Failure of these employers to observe these obligations has serious consequences under the DPA ranging from fines to imprisonment, especially if such failure results in the unauthorized processing of, and access to, their employees’ personal information. Compliance, therefore, cannot be lax.

* * *
Vanessa Arrha A. De Leon obtained her Juris Doctor degree from the University of the Philippines College of Law in 2017. As a law student, she was an intern in the UP Office of Legal Aid where she represented indigent clients/litigants in various cases in trial courts and government agencies. She likewise worked as an intern in the Office of the Solicitor General. Her practice areas include corporate law and compliance, taxation, civil, criminal and administrative litigation and family law.

Link to: Contact Us

Any questions? Email Us!

Manila Office:

Unit 203 Le Metropole Building
155 H.V. Dela Costa cor. Tordesillas Sts.
Salcedo Village, 1227 Makati City, Philippines
Tel. Nos. (02) 8817-9704 to 07
Email:
[email protected]
[email protected]

Bacolod Office:

Unit 2Q, Paseo Verde Complex
Lacson St., Mandalagan
6100 Bacolod City, Philippines
Tel. No. (034) 458-9941
Email:
[email protected]
[email protected]

Privacy Policy

Copyright © 2020 Aranas Cruz Araneta Parker & Faustino Law Offices.
All rights reserved.

#StayingSafe in buying real property The Rise of eSports