NPC issues ‘work from home’ guidelines to safeguard personal data

The National Privacy Commission (NPC) is instructing public and private organizations to ensure the protection of personal data as they implement a work from home (WFH) setup with their employees, which may likely stay on as part of the ‘new normal’ as the country continues to manage the COVID-19 crisis.

In NPC PHE Bulletin No. 12 released to media, the NPC acknowledged WFH as a feasible management solution supportive of government calls for continued social distancing. The agency, however, warns organizations that the setup is not risk-free. To make WFH sustainable, personal data should be accorded the same high level of protection as required by the Data Privacy Act of 2012.

“Given the public health emergency (PHE) that the country faces, the National Privacy Commission (NPC) supports the adoption of the WFH setup as a viable strategy to balance the need to preserve the health and well-being of an organization’s workforce with the need to continuously operate and provide services to the public,” said Privacy Commissioner Raymund Enriquez Liboro

The WFH setup can be considered as a type of telecommuting. Republic Act 11165 or the Telecommuting Act, defines telecommuting as a “work arrangement that allows an employee in the private sector to work from an alternative workplace with the use of telecommunications and/or computer technologies.”

In its WFH guidelines, the NPC said, organizations opting to implement telecommuting as part of its Business Continuity Plan should implement well-defined security measures. These include active measures to avoid unauthorized access to, and improper disposal of, documents containing personal data, among others.

# # #