Balancing Data Privacy and Advancements in Technology

Among others, the law dictates that information about a data subject shall require an informed consent to the extent that the subject has to be apprised as to the purpose, usage, and retention periods of any and all information prior to its collection, save for some exceptions. Rights of data subject include right to have access, to object its collection, to rectify, to erase, among others.

With the rapid advancement in technology and the advantages of faster internet speed, information can easily be obtained, used, and, unfortunately abused. As a result thereto, collecting and compiling passenger information at the point of tickets sales will have to be reviewed. Maintaining information databases for loyalty and rewards programs will have to be reevaluated. Opt in and opt out provisions in web-based forms will have to be reassessed. All of these concerns will be addressed soon after each department will conduct a privacy impact assessment. The greater concern is whether information freely given online in social media sites is protected.

Take the case of a passenger who lodged a complaint online using his Facebook account. Other information such as such as the email address, mobile number, birthday, gender, and civil status may be unnecessarily exposed and even accessed by the handling customer agent. Naturally, issues will arise as to whether prior consent was obtained and as to whether how such information can be used. So far, PAL is in the middle of establishing procedures to insure that all data subjects who transact business with PAL are given sufficient notices and warnings every time they “freely” offer whatever information they have shared online.

Breaches in information security or data privacy will nonetheless occur despite systems in place. The law imposes the duty upon the Data Protection Officer to report such breach to the National Privacy Commission within 72 hours upon knowledge of such breach.