Scribd
Upload
13 views2 pages

Reminder - Taking of Pictures of ID

Uploaded by

jonathan thomas imperial
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
13 views2 pages

Reminder - Taking of Pictures of ID

Uploaded by

jonathan thomas imperial
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

Republic of the Philippines

NATIONAL PRIVACY COMMISSION

REMINDER TO PERSONAL INFORMATION CONTROLLERS REGARDING TAKING OF


PICTURES OF IDENTIFICATION DOCUMENTS

The National Privacy Commission draws attention to prevalent practices by certain businesses and
associations (both Personal Information Controllers and Personal Information Processors) of
authorizing, allowing, or acquiescing its employees, agents, or personnel in taking the identification
(ID) cards of customers, guests, or other persons using their personal electronic devices, or without
appropriate safeguards, and/or without the required privacy notice.

To illustrate, here are some examples of these practices:

• Hotel receptionists taking photos of guest IDs using their personal smartphones instead of
company-issued phones;
• Car sales agents taking photocopies of the ID of a potential customer for verification
purposes;
• Agents of a telcos requesting a potential customer to send a photo of the customer’s ID via
private communication such as Viber, WhatsApp, or Facebook Messenger; and
• Homeowners and condominium associations taking copies and requiring the deposit of
physical IDs with Sensitive Personal Information without appropriate policies and security
measures for their PIP security agency to implement.

The Commission emphasizes that these types of activities carry a great risk of causing security
incidents, data breaches, unauthorized uses, inadequate disposal, lack of informed consent, and
profiling or discrimination, among others.

PICs/PIPs shall obtain the consent of the data subjects prior to the collection and processing of their
personal data, subject to exemptions provided by the DPA and other applicable laws and
regulations.1 It is the duty of the PICs, as well as their employees, agents, or representatives, to
uphold the confidentiality and privacy of the personal data that they process.

To this end, the Commission mandates the following practices:

• Consent: Where it is the necessary criteria for lawful processing of Sensitive Personal
Information under Sections 13 of the DPA, the PIC must obtain explicit consent from
individuals to capture and process their identification photos and details.

• Privacy Notice: Provide a clear, understandable, and transparent privacy notice before
capturing their IDs. The notice should include the purposes of the processing, the security
measures implemented, the retention period, and the purpose limitation, among others.

• Secure Storage and Transmission: Implement policies to ensure that photos taken by
personal devices are stored in a manner that is in compliance with company policies and the

1 Section 19 of the Implementing Rules and Regulations of the Data Privacy Act of 2012.
DPA. Implement safeguards that ensure that the photos cannot be used by the employees,
agents, or personnel for other purposes, such as encryption, access controls, and other tools.

• Proper Disposal: Establish policies and procedures that ensure the disposal and deletion of
the photos once the purpose is fulfilled. The PIC should conduct verification and audits to
ensure that disposal policies have been complied with.

We reiterate that processing personal data violative of the Data Privacy Act of 2012 and related
issuances of the Commission is subject to penalties and administrative fines.

###

5th Floor, Philippine International Convention Center, Vicente Sotto Avenue, Pasay City, Metro Manila 1307
URL: https//www.privacy.gov.ph Email Add: info@privacy.gov.ph * Tel No. 8234-2228

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy