Instead of carelessly" requiring contact tracing under multiple applications and databases, there should just be one application with a single protecting data controller.
Albay Representative Joey Salceda Monday called out the Inter-Agency Task Force for the Management of Emerging Infectious Diseases saying multiple apps may have been the source for personal information by text spam recently received by many mobile phone users.
"The IATF did not push hard enough and enforce a single contact tracing app with a single database. That means you had different data collectors, some of whom may not have been able to protect data. I don't want to ascribe malice, but some of them may have even sold it," Salceda said.
He added: "All of these potential data breaches could have been limited by having just one single controller and clearinghouse of data that is also protected and audited."
He then urged the National Telecommunications Commission to work with telecommunication companies to detect and prevent a mass of successive text messages in suspicious volumes.
Under the Privacy Policy Office Advisory Opinion 2017-68, a data breach appears to have been committed once a prepaid number is activated and associated/linked to an individual subscriber. This can also be through the use of the mobile number for various registrations, availing of products or services, etc.
The data controllers, he said, seem to be incapable of protecting all data. Therefore, there was plenty of room for breaches since there were so many data controllers because of multiple contact tracing apps.
