Privacy in the Pandemic: Lessons Learned from the BPO Industry - Disini Law Office
post-template-default,single,single-post,postid-4891,single-format-standard,ajax_fade,page_not_loaded,,qode-title-hidden,qode_grid_1300,qode-theme-ver-12,qode-theme-ignite,wpb-js-composer js-comp-ver-6.1,vc_responsive

Privacy in the Pandemic: Lessons Learned from the BPO Industry

On November 19, 2020, Disini Buted Disini hosted a webinar entitled Privacy in the Pandemic: Lessons Learned from the BPO Industry. This forms part of Digital Transformation Thursdays, an online series on the leading issues on technology and the law. 

Atty. Jon O. Bello, the Associate General Counsel of Alorica, shared his insights on the measures adopted by the business process outsourcing (BPO) industry in response to data security-related issues arising from the COVID-19 pandemic. The sudden shift to the “hybrid workplace”—a combination of on-site and work-from-home arrangements—revealed the need for companies to review and redesign their data protection policies.

According to Atty. Bello, employees who work from home are at a greater risk of security threats such as hacking, phishing, and human error. These employees also face numerous technical and physical vulnerabilities, such as unsecured Wi-Fi networks (e.g.  public Wi-Fi) and “shoulder surfing,” which in turn may endanger work-related data. In response, companies must adopt proactive measures, such as encouraging the use of a virtual private network (VPN), adopting measures on asset recovery and reintegration, and performing routine security audits and training on data security. 

On-site employees also experience intrusions into their privacy, especially in relation to their health-related data. BPOs are among the few business establishments allowed to operate during the community quarantine; because of this, they were required to comply with government-sanctioned measures, such as social distancing, the collection of health-related data (such as temperature and travel history), and contact tracing. While these measures are necessary to prevent further infection at work, they must be done in accordance with general data privacy principles, such as transparency, legitimate purpose, and proportionality. Otherwise, these data may be used to harass and discriminate against employees who have or had COVID-19.

The recording of this webinar can be viewed on the Disini Law Facebook page and YouTube channel