Privacy concerns on contact tracing
In compliance with government regulations on contact tracing for the new coronavirus disease (COVID-19), some commercial establishments such as high-end retail stores and restaurants require their customers to accomplish individual information sheets before being allowed entry.They have to state their full name, home address, cell phone number and, sometimes, email address.
These data are supposed to facilitate getting in touch with them in case any person who works at or entered the premises they may have gotten in contact with is found to be infected with COVID-19.
Upon receipt of the advice, they can decide whether to go on self-quarantine or seek medical help.
Failure or refusal to provide the requested information could result in the customer being refused entry. This is one time when the “customer is always right” mantra may not be observed.But customers are not required to show any identification card or document that would validate the data they wrote. Their words are taken at their face value.
From the establishments’ point of view, the “fear factor” would be sufficient to encourage their customers to truthfully or honestly accomplish the information sheet because it is in their best interests to be quickly notified about their possible contamination.
To allay any apprehension about those data falling into the wrong hands, the person in charge of their collation say they will be kept confidential and will be used solely for contact tracing purposes should the need arise.Under these circumstances, customers who feel uneasy about disclosing their personal information and, as a result, are refused entry can go to other establishments that do not have any disclosure requirements.
Those in a hurry to complete their errands or are not in the mood to look for alternatives may have no choice but accomplish the information sheet.
While it is reasonable to assume those establishments would keep their word in maintaining the confidentiality of information, the probability of the collated data being misused cannot be discounted.
In this country, personal data, especially cell phone numbers and email addresses, have an uncanny way of finding their way in the hands of unauthorized parties, e.g., advertisers and merchandisers.
Who hasn’t experienced getting unsolicited advertisements in their cell phones and email inbox or receiving cold telephone calls pitching various kinds of products and services?
When asked how the sender or caller got hold of the contact numbers, he or she will refuse to answer or come up with all kinds of excuses.
True, the Data Privacy Act requires entities that have access to or are authorized to collate personal data to keep them under lock and key and disclose them only with the consent of their owners or for reasons authorized by law.
But that injunction is often observed in breach. Many holders of private data share that information on the sly with third parties and are able to get away with it.
Confidentiality of information seems to be the exception rather than the rule.
It does not come as a surprise that personal data disclosed to a business entity that has subsidiaries, affiliates or joint venture partners invariably find their way into the latter’s mailing list.
In the same token, personal data contained in information sheets required by some commercial establishments can be accessed by their owners or partners to promote or advertise their other business activities. And there will be no end to the cycle of misuse.
Perish the thought of complaining about the unauthorized disclosure of personal information because you will only be given the run around or, worse, criticized for being inordinately secretive.
It looks like COVID-19 has added another hole to the already leaky rules on data privacy. INQ
