I read the news reports yesterday where Defense Secretary Lorenzana admitted to giving Solicitor General Calida the amnesty files of Senator Trillanes and the hundreds of other soldiers who availed of the amnesty in 2011. In the same news reports, Secretary Lorenzana said that SolGen Calida merely asked for the files but did not tell him of the purpose for the request. Lorenzana gave the files to Calida anyway.

I’ve been thinking about this since yesterday and I remain bothered by the readiness of Secretary Lorenzana to disclose personal data of hundreds of people without an ostensible lawful basis for the disclosure.

This question of whether government agencies can share personal data of individuals with each other has already been touched upon by the National Privacy Commission.

In NPC Advisory Opinion No. 2018-007, the NPC discussed whether the Department of Health may share the list of students vaccinated with Dengvaxia with the Public Attorney’s Office. The NPC stated that while the PAO was mandated to assist indigent victims in filing cases, the PAO needs to show lawful basis for the access to the DOH records, such as—in this instance—consent from the Dengvaxia victims. The NPC further made this important pronouncement:

“[W]e take time to emphasize that the government is one of the biggest repositories of the personal data of citizens. The government or its agencies, however, do not have the blanket authority to access or use the information about private individuals under the custody of another agency.” <Emphasis mine.>

True, as Solicitor General, it may have been within Calida’s office to investigate the propriety of the availment of the amnesty. But from Lorenzana’s statement, it is not apparent that Calida’s request was pursuant to his official duties as Solicitor General. In fact, Lorenzana claims that Calida did not give any reason for the request at all. Under the circumstances, the Department of National Defense—as personal information controller of the personal data submitted by the Magdalo soldiers in reference to their amnesty applications—may have been remiss in its duties to safeguard the personal data of data subjects.

In NPC Advisory Opinion 2018-007, the NPC issued this reminder to the DOH,

“We urge the DOH to be circumspect in releasing information relating to sensitive personal information of individuals. It should do so only if it is satisfied that such release is authorized under law, adheres to data privacy principles and reasonable and appropriate security measures are in place for the protection of said data.”

It is advice that the DND—and all other government agencies—would do well to heed.

Want to read the NPC Advisory in full? Here's the link.

#government #datasharing #lawfulbasis