Data Privacy

NPC warns LGUs of sharing SAP beneficiaries’ private data on social media

The National Privacy Commission (NPC) calls on local government units to “practice transparency with responsibility when posting SAP (social amelioration program) beneficiaries on social media.

SAP is a cash subsidy distributed by the government to aid families whose livelihood was effected by the recent lockdowns. The local government units (LGU), together with the Department of Social Welfare and Development, determines the beneficiaries based on a set of criteria. For the recent lockdowns, the Philippine government alloted P1,000 (around $20) for each beneficiary.

LGUs have been using social media as part of its communication and public relations which also include informing citizens of the developments in their baragay, city or provinces.

NPC reveals 3.3 million user data of Cashalo sold on the dark web

NPC orders lender Familyhan to take down customer database following complaints

“We understand that using social media platforms is a quick and accessible method to reach the public and uploading the list of SAP beneficiaries through these platforms may be considered an efficient way to exercise transparency in utilizing public fund,” NPC said in the advisory. “However, public disclosure of personal information should strictly adhere to the principle of proportionality. Local government units must determine the types of personal data that they will disclose, particularly when the original list of SAP beneficiaries contains sensitive personal information.”

The privacy watchdog said it “strongly discourages” the indiscriminate publication of “sensitive personal information” online. The LGU should determine which of the pieces of information are necesarry to post in their public pages. NPC noted that from the six LGUs it monitored, some posted online details such as complete address, age, and even disabilities.

NPC clarified that the Data Privacy Act of 2012 “does not prohibit LGUs to disclose information which it deems essential for the public to know in the name of transparency. Nevertheless, LGUs should be mindful of its concomitant responsibilities as personal information controllers.”