MANILA, Philippines — The National Privacy Commission (NPC) is calling on public and private organizations to ensure protection of personal data when implementing work-from-home schemes for their employees during the coronavirus disease 2019 (COVID-19) pandemic.
Under NPC Public Health Emergency Bulletin No. 12, the commission acknowledged that the work-from-home setup is a feasible solution for continued physical distancing for work operations but warned that the setup is “not risk-free.”
“Unauthorized access to and improper disposal of documents containing personal data due to unprotected home devices and physical files are just some of the potential dangers that come with it,” read the bulletin from the commission.
To make this work setup sustainable, the NPC said personal data should be accorded the same high level of protection as required by the Data Privacy Act of 2012.
“Given the public health emergency that the country faces, the National Privacy Commission supports the adoption of the WFH setup as a viable strategy to balance the need to preserve the health and well-being of an organization’s workforce with the need to continuously operate and provide services to the public,” Privacy Commissioner Raymund Enriquez Liboro said in a statement on Friday.
He said that the work-from-home setup can be considered as a form of telecommuting.
Republic Act 11165 or the Telecommuting Act defines telecommuting as a “work arrangement that allows an employee in the private sector to work from an alternative workplace with the use of telecommunications and/or computer technologies.”
In its guidelines, the NPC said firms that opt to implement telecommuting as part of its business continuity plan should enforce “well-defined” security measures.
These include active measures to avoid unauthorized access to, and improper disposal of, documents containing personal data, among others.
Under the NPC bulletin, employers are advised to issue their staffmembers with appropriate Information and Communication Technology resources.
It added that only organization-issued peripherals and softwares authorized by the organization should be used by employees.
Security patches should likewise be installed in devices to prevent cyber security issues, according to the bulletin.
For video conferencing, employees are advised to only use platforms contracted by their companies, which should pass its privacy and security standards.
RELATED STORIES:
Data security a major concern to PH consumers
Zoom agrees to step up security after New York probe
Zoom under scrutiny in US over privacy, porn hacks