Privacy Commission probing reports against establishments ov...

Several business establishments – from a mall, fast-food and drugstore chains, and supermarkets to a European fast-fashion retailer and a North American coffee shop franchisee – have been the subject of reports from citizens over mishandling and misuse of contact-tracing data, prompting the National Privacy Commission (NPC) to take steps in checking their compliance with the Data Privacy Act (DPA) and the guidelines issued by the Commission and other government agencies. The chief concerns were the improper use of logbooks and the lack of appropriate data-protection measures that left in the open filled-out contact-tracing forms that contain customers’ data, such as names, addresses and contact details, which other people could see. Other concerns included using personal data for purposes besides contact tracing, absence of a privacy notice, and baseless retention period. “We he...