The National Privacy Commission (NPC) reminded business establishments on Thursday to use data privacy and security measures as they conduct contact tracing.
In NPC Bulletin 15 released on July 8, business establishments, including restaurants, salons, and barber shops were told “to collect only what is necessary.”
The NPC advised the owners of these establishments to provide easy to understand information to data subjects on the purpose of collection, and to implement measures to ensure that personal data they gather do not fall into the wrong hands.
The commission said establishments are responsible for complying with the Data Privacy Act (DPA) of 2012. They also must remind their staff, as well as third-party service providers and security personnel that using the personal data of customers or visitors for any other purpose is punishable under the law.
“Once these rules are no longer in force, all personal data collected for their purposes should be disposed of in a secure manner that will prevent further processing and/or unauthorized access or disclosure,” it added.