Data Privacy, a Sacrosanct Right

In this digital and rapid technological era, this writer is inclined to agree with the above statement. Really, gone are the days that gold, diamonds and oil are the most valued possession in the world. With the rise of data economy, entities find great treasure in collecting, sharing, and using data. See how Google, Facebook, and Amazon landed on the top companies because of their business model. Alongside with this however, is the increasing awareness and concern among us against data breaches and how the same can be protected and kept private. We all subscribe to the concept that privacy means freedom from interference or intrusion… to be free from uninvited surveillance… to safely exist in one’s space and freely express one’s opinions behind closed doors. In other words, privacy means the right to be left alone.

Data privacy has always been important us. We put locks on our filing cabinets, while some even go to the extent of renting safety deposit boxes at the banks just to store more important documents and assets for a simple reason that when these data or information that should be kept private gets in the wrong hands, terrible things can happen. We also typically apply the concept of data privacy not only to critical personal information such as our social security, financial or bank details, credit cards, health, and medical records but even to basic, but still sensitive information such as our address, mobile numbers, and birthdate to name a few. The list of personal information can be pretty extensive. Data privacy relates to how a piece of information or data should be handled based on its relative importance.

For instance, a petitioner in freemasonry would normally expect that the details he supplied in his petition form will be used only in his application to be a member of the craft, nothing more and nothing less. The brethren on the other hand are expected not to use the same for other purpose such as using it as an opportunity to market their products and services or that of their relatives, and friends. As for us brethren, we expect that the Grand Lodge of the Philippines shall preserve and protect our data and take measures to prevent unnecessary disclosure thereof to those unrelated to the craft. In general, we trust that our respective lodges and the Grand Lodge would deal our personal data properly and not handle it in irresponsible ways

especially in the light of the mandate of Republic Act No. 10173 otherwise known as the Data Privacy Act of 2012. The said law aims to protect the fundamental right to privacy of communication while ensuring free flow of information to promote innovation and growth.

R.A. 10173 provides that the collection of personal data must be for a declared, specified, and legitimate purpose and requires consent of the data subject prior to its collection, as a rule. It further requires that when obtaining consent, the data subject be informed about the extent and purpose of processing. In addition, the law requires that any entity involved in data processing and subject to the act must develop, implement, and review procedures for the collection of personal data, obtaining consent, limiting processing to defined purposes, access management, providing recourse to data subjects, and appropriate data retention policies. These requirements necessitate the creation of a privacy and security program. Having said that, we hope that the Grand Lodge of the Philippines develop a program and implement an effective policy and procedure in protecting sensitive data of its members. It must be able to draw the flow of our data being processed: who may access the data; what data may be accessed; how it is being used; and who is receiving it to avoid data breaches. This step may prove to be difficult at first, but it is obviously for the better. Because an organization that does not implement privacy protection faces a huge problem in the future as the cost of a data breach is far reaching, both in tangible and intangible terms. A breach is a breach, whether maliciously done or by sheer negligence.

1 Brittany Kaiser, Former Program Development Director, Cambridge Analytica.