Privacy Commission allows employers to install monitoring software in company-issued devices of WFH employees

Marje Pelayo   •   June 8, 2020   •   1722

MANILA, Philippines – The National Privacy Commission (NPC) says ‘yes’ to employers who would want to install monitoring software in company-issued devices to monitor their work-from-home (WFH) employees. 

However, the NPC clarifies that such a decision must adhere to the provisions of the Data Privacy Act (DPA) which ensures that the rights and freedom of WFH employees remain protected. 

The agency explains that “monitoring employee activities when he or she is using an office-issued computer may be allowed under the DPA, provided the processing falls under any of the criteria for lawful processing under Sections 12 and/or 13 of the law.”

Specifically, the NPC details the following obligations of employers in monitoring their WFH employees without breaching their privacy:

  • Employers must notify their employees that they are being monitored and why it is necessary. 
  • Employers should conduct a privacy impact assessment of the monitoring software to determine potential risks and to be able to find ways on how to mitigate them. 
  • Employers should also have clear guidelines on monitoring procedures. 
  • Excessive and disproportionate mechanisms in monitoring are discouraged such as tracking mouse movements, recording keystrokes, taking random photos of the computer screen, enabling webcams to take a picture of the employee, etc.
  • Employers can not require employees to stay on video during office hours or even during overtime work as this is considered excessive and there are other available means of ensuring that employees are doing their assigned tasks.
  • Employers must provide proper ICT equipment, support facilities and mechanisms to the employees to ensure that personal data processing systems being used during WFH are secured.

Meanwhile, the NPC noted that both employers and employees must be guided by data protection and privacy policies at all times.

“We expect employers, whether in the government or the private sector, to process personal data responsibly and with accountability in order to address existing health threats brought by COVID-19,” said Privacy Commissioner Raymund Liboro.

“We also expect employees to cooperate to reasonable and appropriate collection of their information to mitigate COVID-19 related risks and keep their co-workers and visitors safe,” he added.

Liboro hopes that the guidelines will be able to produce best practices not only in the workplace but also in homes of employees working remotely.

Cyberattack on S&R compromised 22,000 data subjects – NPC

Robie de Guzman   •   November 25, 2021

MANILA, Philippines – The National Privacy Commission (NPC) reported that some 22,000 data subjects were affected in the ransomware attack on S&R Membership Shopping.

In a statement, the NPC said it has received an initial breach notification report on November 15, 2021, 4:47 PM, from S&R Membership Shopping in relation to a cyber-attack that may have compromised its members’ contact information.

The NPC said the firm discovered the cyberattack incident on November 14, 2021.

“The company has then submitted an supplemental breach report today, November 24, 2021, confirming that the subject of the ransomware attack was the S&R membership system affecting twenty-two thousand (22,000) data subjects,” the commission said.

Citing the company’s report, the NPC said the attack compromised S&R’s personal data such as date of birth, contact number, and gender.

“Based on the S&R’s disclosure and confirmation from their data protection officer (DPO), credit cards and other financial information were not among the compromised personal data,” the agency said.

“They informed the Commission that they instituted measures to secure their system, recover compromised data, prevent further disclosure, and recurrence of similar attacks,” it added.

The company earlier said that its team has implemented cybersecurity protocols that enabled them to resume system operations. It also assured that the data affected in the attack were only confined to contact information and its members’ financial data are safe as these are protected by encryption measures as required by regulation.

The NPC reminded the S&R of its obligation to fully disclose and individually notify the affected data subject.

The commission likewise directed them to provide the technical report of the incident from the third-party cyber security firm.

NTC to telcos: Warn public against spam text messages

Robie de Guzman   •   November 23, 2021

MANILA, Philippines – The National Telecommunications Commission (NTC) has ordered telcos to send a message to its subscribers, warning them about text scams that contain dubious job offers.

In a memorandum dated November 19, the NTC directed Globe Telecoms, Smart Communications, Dito Telecommunity, and Digitel Mobile Philippines to send a text blast containing the following message:

“BABALA! Huwag maniwala sa text na diumano’y nag-aalak ng trabaho. Huwag po magbigay ng personal na impormasyon. Ito po ay isang scam.”

The NTC said telcos have until December 14 to submit their compliance report on the latest directive.

The order comes after thousands of mobile users complained of receiving text messages or e-mails offering job opportunities.

Authorities have tagged this as a scam and advised public to report this to the NTC.

The National Privacy Commission (NPC) earlier said its initial probe showed that a global organized syndicate could be behind the proliferation of text scams.

The NPC said it has summoned data protection officers of local telcos, banks, and e-commerce platforms to discuss the scam text surge.

Nat’l Privacy Commission urged to stop ‘budol’ text scams

Robie de Guzman   •   November 22, 2021

MANILA, Philippines – A lawmaker on Monday urged the National Privacy Commission (NPC) to look into text scams that offer shady jobs.

In a statement, Senator Joel Villanueva asked the NPC to investigate and put a stop to text scams where cellphone numbers are barraged with job ads or offers.

Villanueva said social media has been flooded with complaints of citizens who have been bombarded with job offers or sales work that promises huge commissions.

“This is the new budol in town,” he said.

He also described these “robo texts” as a variant of fake news, “which many people can fall for.”

“In a nation where unemployment and digital disinformation are high, these kinds of messages can mislead many. Maraming kababayan po natin, lalo na ang mga naghahanap ng trabaho ang ma-si-swindle nito,” he said.

Villanueva called on the NPC to coordinate with the National Telecommunications Commission “on how this illegal and irritating intrusion into one’s privacy can be stopped.”

He likewise asked other government agencies and telecommunications firms to work together in preventing citizens from being victimized by “smishing,” a form of text message phishing, where criminals lure consumers into giving away personal or financial information.

“Nasa area pa rin po ito ng consumer protection na trabaho ng gobyerno,” he said.

He said text offers on overseas jobs violate laws in labor placement, an activity that is tightly regulated by the government to shield job seekers from being victimized by illegal recruiters.

 

REACH US

The Philippine Broadcast Hub

UNTV, 915 Barangay Philam,

EDSA, Quezon City M.M. 1104

(+632) 8396-8688 (Tel)

info@untv-newsandrescue.com (General inquiries)

ABOUT UNTV

UNTV is a major TV broadcast network with 24-hour programming. An Ultra High Frequency station with strong brand content that appeal to everyone, UNTV is one of the most trusted and successful Philippine networks that guarantees wholesome and quality viewing experience.