In recent days there have been reports of a potential breach of personal data related to COVID-19 vaccination in the Philippines. WHO understands that the responsible authorities of the Government of the Philippines are investigating.
WHO does not collect, process or store any personally identifiable information (for example, names, email addresses, phone numbers, etc.) in relation to COVID-19 immunization. During the COVID-19 pandemic, WHO collected from national health authorities around the world data that is aggregated at a population level, for example on the total numbers of COVID-19 infections, deaths, and vaccine doses administered in the country. These data are crucial for monitoring the progress of COVID-19 vaccination efforts nationally and globally.
WHO does not have access to underlying personal data, which is the exclusive domain of governments.
Reports that a data breach linked to WHO or WHO-hosted databases has occurred are false and inaccurate.
WHO abides by principles related to personal data protection embodied in the United Nations Principles on Personal Data Protection and Privacy.