Data privacy trajectories
It is important to capacitate and familiarize members of the organization, from top management to the rank-and-file workers, on the importance and implications of data protection and security in the time of COVID-19
During the earliest stages of the pandemic, we have seen the effects of misuse and “missed” use of personal data. Unauthorized disclosure of sensitive personal information of COVID-19 patients resulted in social vigilantism, discrimination and stigmatization; physical assaults against our frontliners; and many more incidents of data privacy violations, which create risks more harmful than the virus itself.
On the other hand, we are also concerned about the “missed use” of data to fight this pandemic. We have tried our best to provide guidance on the proper use and sharing of data. We have involved ourselves in directly contributing to government measures, such as the crafting of contact tracing policies, reviewing data sharing agreements to effect the distribution of social amelioration packages, and other relief packages to the needy and the marginalized.
We have no playbook that provides the perfect strategies against a pandemic of this scale. However, we at the National Privacy Commission are always tuned in for rising issues and challenges faced by both public and private institutions in their fight against the disease. We are issuing bulletins to address emerging privacy concerns and to guide everyone on the best practices of data protection, especially where the use, collection and processing of data is involved.
As the virus continues its lock on the nation, it is important to realize that COVID-19 is imposing both immediate and long-term impacts to governments, businesses, regulations and human interactions. This is highlighted by growing digitization of a wide range of human activities, which are, most likely, of a permanent nature. This trend will continue as we discover new, beneficial uses of data even after the COVID-19 pandemic.
Unfortunately, most of us are not prepared for this sudden, tectonic shift. If we examine closely, most of our existing regulations and business practices rely heavily on close and personal contacts within a physical workspace. Hence, there is a need to revisit and update our traditional practices, data protection tools and analysis of legal requirements to keep up with the times and to reduce risks associated with digitization.
Organizational accountability will play a key role in ensuring a data-resilient environment.
Data privacy, as a concept, should evolve within organizations as they adjust in the post-COVID-19 world. Hence, we will see the bigger role of data protection officers (DPO) in corporate strategy and management, product development, human resources, finance, marketing and almost all aspects of a business.
In this context, accountability should be understood and implemented not only at an organization level, but also at the personal level of every employee. Majority of businesses are expected to refocus their strategies and resources to digital work, teleconferencing and use of online solutions in lieu of traditional business processes. Hence, it is important to capacitate and familiarize members of the organization, from top management to the rank-and-file workers, on the importance and implications of data protection and security in the time of COVID-19.