Embedding an expert in data privacy and protection on an ethics board can help ensure that research proposals align with the organization privacy policies, said Dr. Raymond Francis R. Sarmiento, regular member of the NRCP Division of Medical Sciences and Director of the National Telehealth Center, during his presentation on Data Protection and Privacy in Research in the Pandemic Era at the National Research Council of the Philippines (NRCP) Annual Scientific Conference and 89th General Membership Assembly on March 15, 2022.

 Scholars, researchers, and scientists are considered processors and/or collectors of sensitive and confidential data and information. According to European University Institute (EUI, July 2021) in their guide on good data protection practice in research, privacy issues arise whenever data relating to persons are collected and stored, in digital form or otherwise. EUI added that a main challenge for research is to use and share the data, and at the same time protect personal privacy.

Researchers are mostly governed by the privacy policy of their home institution and Implementing Rules and Regulations of the Data Privacy Act of 2012. For the research ethics compliance, he posed that further review by a data privacy officer may be required if any research may touch on matters of national security.

Sarmiento reiterated the need for researchers to ensure that: 1) Risks to research participants are limited or are reasonable in relation to anticipated benefits; 2) Equitable selection of study subjects; 3) Informed consent is obtained; 4) Protection of privacy of study subjects and data confidentiality; and 5) Include in protocol: Data Privacy and Management Plan.


“Securing informed consent is key”, Dr. Sarmiento said. He added that consent shall be evidenced by written, electronic or recorded means. It may also be given on behalf of the data subject by an agent specifically authorized by the data subject to do so.

He shared that guide documents are available online for the 2017 National Ethical Guidelines for Health and Health-Related Research, Code of Ethics in Social Science Research, and Social Science Ethics Review Board (SSERB) Guidelines for Ethical Research in the Social Sciences.

Personal Data Breaches can be intentional or unintentional, according to Sarmiento.

Sarmiento presented that the Commission on Election (COMELEC 2016) data breach was the most noticeable case of a violation.

He added that in case of personal data breach (known or reasonable belief of occurrence), the personal information controller should comply with privacy Rule 9 (data breach notification), and inform the data privacy commission, and the affected data subjects within 72 hours. He said that this is required when information may be used to enable identity fraud through an unauthorized person and when breach is likely to give rise to a real risk of serious harm to any affected data subject.

Dr. Raymond Francis R. Sarmiento was awarded by the National Academy of Science and Technology – Philippines in 2019 as its Outstanding Young Scientist in the field of Public Health Informatics.

Sarmiento also shared that the first data protection policy on record was in Germany, as early as 1970, followed by Sweden, France, and United States of America (HIPAA). Also, 3 out of 10 ASEAN countries have comprehensive laws and an established data privacy regulation authority (Malaysia in 2010, Philippines and Singapore in 2012).

He ended that there are efforts in ASEAN region to align the policies between 7 countries.

Twitter   Linkedin   Facebook