article banner
From Where We Sit

Protecting personal data in the coronavirus era

Third Librea

In response to the coronavirus disease 2019 (Covid-19) pandemic, new ways of interacting are rapidly affecting our way of life. As we continue to stay and work at home, however, data privacy concerns may have been pushed into the sidelines.

On our personal social media and messaging apps, we may have inadvertently shared unverified or speculative news about someone in our community who has been tested positive for Covid-19. For the past six weeks, our employers would also ask about our health status and travel history. While working remotely, we may have unintentionally exposed the sensitive data of our colleagues and clients to other family members. Just imagine the bulk of sensitive information that you have to access and receive over WiFi networks and store them in your computer. Meanwhile, many individuals are pushing for increased surveillance from organizations, local authorities and the government.

As Covid-19 monitoring escalates, personal privacy plummets. It does not have to be this way. Even in a global crisis such as this pandemic, privacy matters. It is not a hindrance to the Covid-19 response. Let us keep in mind that protecting our personal privacy and the privacy rights of others remains of greatest importance.

Much has been written about how organizations can protect their data about their stakeholders, but how can we, in our own personal capacity, protect the personal data of our clients, colleagues and communities in the coronavirus era?

Be aware of heightened vulnerabilities. Governmental, institutional and organizational measures taken in the Covid-19 crisis, while generally considered necessary, create privacy challenges. Surveillance involves verifying social distancing, quarantine and self-isolation measures. Contact tracing involves identifying the contacts of patients who have tested positive. Health data disclosures, on the other hand, include making the personal data of Covid-19 patients and their contacts accessible in crowdsourced, nongovernmental databases. Early on in the community quarantine, organizations had restrictions and requirements, such as imposing travel restrictions, limiting visitors and requiring medical exams, potentially sharing information in the process. Remote work also involves monitoring employee activities and data use.

Use your business computer for business purposes. Refrain from using your business computer for private reasons, such as streaming videos, playing games, surfing the web, checking social media feeds, shopping and banking online, and contacting friends and family. Prevent other family members from using your office computer for personal use.

Work from the cloud as much as possible. Continue to use your work email account, as well as any trusted software tools, applications and systems provided by your employer. Comply with your company’s rules and procedures for cloud or network access, login and data sharing. Cloud computing is a beneficial way of ensuring that the data of your clients and colleagues is kept secure when working remotely. If you are unable to work with cloud or network access, however, ensure that any data stored in your computer is backed up regularly and securely.

Practice good housekeeping. Maximize the access control features of your computer, such as setting up separate accounts, using strong passwords and even enabling biometrics scanning. Do not leave your computer unattended and always lock your screen when not working. If you use a laptop and/or work with paper records, keep them locked in a cabinet or drawer at the end of the day rather than leave them out on your work area. Take extra care that devices, such as USB drives, phones or tablets, are not lost or misplaced. If you need to dispose of printed documents, shred them first. Ensure that business documents are not disclosed to family members. If you have taken home any records or files, keep a written record in order to maintain good data access and governance practices.

Work with your organization’s information technology (IT) and with government authorities. Read your employer’s IT and data privacy advisories. Attend information security and privacy awareness training, if necessary. If you suspect any data privacy incident or breach in your work, inform your immediate supervisor and data privacy officer as soon as possible, keeping in mind your company’s established procedures or protocols.

Remind friends, family and colleagues about protecting data privacy. Sharing personal information of a Covid-19 case through other means than with health care institutions — such as social media, short messaging services, messaging apps and community groups — is a violation of other peoples’ data privacy. If such information has been shared with you, immediately delete it from your device(s). Notify the sender that they could be violating Philippine data privacy laws and that you do not wish to receive such information. If community members keep sharing the private information of others, consider leaving the virtual community.

In a time where information is at our fingertips, we often forget the human ethical aspects. However, eroding our own data privacy and the privacy rights of others would be misguided and harmful, both during and after the crisis.

Let us be socially responsible to mitigate the consequences of Covid-19 and to show solidarity and respect for each other. In the words of the late Hollywood actor Marlon Brando: “Privacy is not something I’m merely entitled to. It’s an absolute prerequisite.”

Third Librea is a partner and head of the advisory services of P&A Grant Thornton. P&A Grant Thornton is one of the leading audit, tax, advisory, and outsourcing firms in the Philippines, with 23 partners and more than 900 staff members. We’d like to hear from you! Tweet us: @GrantThorntonPH, like us on Facebook: P&A Grant Thornton, and email your comments to or For more information, visit


As pulished in The Manila Times, dated 29 April 2020