Privacy body to LGUs: Take down SAP lists with sensitive info or risk being sued

The National Privacy Commission (NPC) on Thursday reminded local government units to be responsible when posting the identities of the beneficiaries of the Social Amelioration Program (SAP) on social media amid reports that some barangays are posting recipients’ addresses, disabilities, and age.

“We strongly discourage na magpublish lang basta basta ng information online. Kelangan po idetermine ng LGUs yung necessary information na idi-disclose. Meron kasi kaming nakita na pati disabilities, complete address (with house no., etc.), age ay nakalagay pa sa lists,” NPC chief of Public Information and Assistance Division Roren Marie Chin told reporters in a Viber group message.

(We strongly discourage the irresponsible publishing of information online. LGUs should determine the necessary information that they will disclose. We saw lists wherein the disabilities, complete address, and age are even included.)

“This types of information are considered as sensitive personal information,” she said.

Chin said the NPC have so far received six reports “and counting” of LGUs’ posting SAP recipients’ sensitive information online.

“Kailangan lang po i-consider ‘yung dangers pag pinost natin ang name, complete address at contact information ng isang tao. Maaari po itong gamitin ng ibang taong meron hindi mabuting layunin kasi it's publicly available,” she said.

(It should be considered that when posting the complete address and contact information of person, these could be used by some who have  nefarious motives since its publicly available.)

The NPC official said the privacy body is already contacting LGUs and barangays to take down their lists and is continuously communicating  with them to educate them on the do’s and dont’s of privacy.

“If hindi pa rin sila mag-comply with the order, pwedeng sila mafilean ng contempt then we will proceed to sua sponte then may file a case sa kanila such as but not limited to unauthorized processing, malicious disclosure, violation of proportionality,” Chin said.

(If they will not comply with the order, they could be cited for contempt then we will proceed to sua sponte then we may file a case against them such as but not limited to unauthorized processing, malicious disclosure, violation of proportionality.)

The Data Privacy Act does not prohibit LGUs to disclose information which it deems essential for the public to know in the name of transparency, the NPC said in a statement.

Nevertheless, LGUs should be mindful of its concomitant responsibilities as personal information controllers, it said.

Chin said that the law states that the personal data to be disclosed to the public shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose.

“The LGUs, barangays, and other authorities must be able to justify why they need to disclose such personal data,” she said.

“Personal information is information that can lead to the identity of an individual while sensitive personal information is an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations,” she added. -MDM, GMA News