The National Privacy Commission (NPC) has ordered organizers of Miss Earth to explain how a contestant’s phone number was disclosed to an event sponsor without her consent.
In a letter dated November 11, the NPC directed Ramon Monzon, president of Carousel Productions, Inc., to explain how the mobile number of Miss Earth-Canada Jaime Yvonne Vandenberg got leaked.
“We understand that there are allegations that the mobile phone number of one of the contestants or ‘delegates’ of the Miss Earth pageant have been disclosed without consent to a pageant sponsor,” wrote lawyer Francis Acero, chief of NPC’s complaints and investigations division.
The NPC asked Carousel to also explain their data protection measures in the wake of sexual harassment accusations by some of its candidates.
According to NPC, its database “shows no record of the organizer, its Data Protection Officer (DPO), nor details of its data processing system.”
This, it said, “signifies potential non-compliance with the Data Privacy Act and implies possible negligence in adhering to data protection standards set by the commission.”
The NPC’s order came after Vandenberg claimed in a now-viral social media post that one of the pageant’s sponsors allegedly harassed her and got her mobile number without her consent. She added that the sponsor allegedly kept on calling her to ask for her room number.
READ: Miss Earth delegates open up about sexual harassment in hands of pageant sponsor in PH
More Miss Earth 2018 candidates have since come forward to share their own experiences of sexual harassment after VanderBerg’s disclosure.
The NPC also ordered Monzon and Carousel’s Executive Vice President Lorraine Schuck to provide within five days from receipt of the letter the name of their DPO as well as the NPC registration details of the firm.
It likewise directed Carousel executives to explain the process surrounding Carousel’s processing of the data of the contestants’ passports and submit a copy of the firm’s privacy management program and existing policies and procedures for its collection, use, access, disclosure, storage and disposal of personal data, including organizational, physical and technical security measures.
NPC Chairman and Privacy Commissioner Raymund Enriquez Liboro insisted that every organization is required to have a data privacy officer to safeguard their data.
“When personal data is not safeguarded properly, problems would definitely arise and oftentimes escalate out of proportion. And the first step in doing that is to appoint a DPO (Data Protection Officer), as required by law. Every organization has to have someone whose job it is to ensure that the personal information they have been entrusted with remains private and safe from potential misuse,” Liboro said in a statement. /kga