RA 10173
I.
1. The National Privacy Commission report stated that “the penalties inflicted on borrowers by these online lenders are abusive. The public shaming they carried out, has caused anxiety, depression; some have even lost jobs and feel they became unemployable, that their reputation and future was put in jeopardy.” The operators of these abusive online apps will be charged with criminal cases and may face up to seven years imprisonment and pay penalties in the amount of up to five million pesos.
2. Yes. Money Lending applications violated the data privacy of the borrowers. Public shaming of online lending apps is a violation of data privacy act. An initial investigation conducted by the NPC on three big online lending companies showed that the aforementioned practices is a violation of the Data Privacy Act of 2012. Among these practices are:
a. Accessing the phone numbers of the borrowers’ contact list without their permission;
b. Posting wrong information to the public; and
c. Using the borrowers’ personal information to shame and threaten them
II.
1. ThE RIGHT TO BE INFORMED
Under R.A. 10173, your personal data is treated almost literally in the same way as your own personal property. Thus, it should never be collected, processed and stored by any organization without your explicit consent, unless otherwise provided by law. Information controllers usually solicit your consent through a consent form. Aside from protecting you against unfair means of personal data collection, this right also requires personal information controllers (PICs) to notify you if your data have been compromised, in a timely manner. As a data subject, you have the right to be informed that your personal data will be, are being, or were, collected and processed.
2. THE RIGHT TO ACCESS
This is your right to find out whether an organization holds any personal data about you and if so, gain “reasonable access” to them. Through this right, you may also ask them to provide you with a written description of the kind of information they have about you as well as their purpose/s for holding them.
Under the Data Privacy Act of 2012, you have a right to obtain from an organization a copy of any information relating to you that they have on their computer database and/or manual filing system. It should be provided in an easy-to-access format, accompanied with a full explanation executed in plain language.
You may demand to access the following:
a. The contents of your personal data that were processed.
b The sources from which they were obtained.
c. Names and addresses of the recipients of your data.
d. Manner by which they were processed.
e. Reasons for disclosure to recipients, if there were any.
f. Information on automated systems where your data is or may be available, and how it may affect you.
g. Date when your data was last accessed and modified
h. The identity and address of the personal information controller.
Paul must execute a written request to the organization, addressed to its Data Protection Officer (DPO). In the letter, mention that his request is being made in exercise of his right to access under the Data Privacy Act of 2012. The DPO is required to respond to his written request. He must be prepared to provide evidence of his identity, which the DPO should require to make sure that personal information is not given to the wrong person. If his request was not granted, or if he feels that his request was not sufficiently addressed, he may file a formal complaint with the NPC.
3. THE RIGHT TO RECTIFY
Under Data Privacy Act of 2012, you have the right to dispute and have corrected any inaccuracy or error in the data a personal information controller (PIC) hold about you. The PIC should act on it immediately and accordingly, unless the request is vexatious or unreasonable. Once corrected, the PIC should ensure that your access and receipt of both new and retracted information. PICs should also furnish third parties with said information, should you request it.
Mary must execute a written request to the organization, addressed to its Data Protection Officer (DPO), and have it received. In the letter, mention that her request is being made in exercise of her right to object under the Data Privacy Act of 2012. Documents to support request must be attached. The DPO must act on her written request. In case she feels that her request have not been addressed satisfactorily, she may file a formal complaint before the NPC, attached therewith the request letter to the DPO.
1. The National Privacy Commission report stated that “the penalties inflicted on borrowers by these online lenders are abusive. The public shaming they carried out, has caused anxiety, depression; some have even lost jobs and feel they became unemployable, that their reputation and future was put in jeopardy.” The operators of these abusive online apps will be charged with criminal cases and may face up to seven years imprisonment and pay penalties in the amount of up to five million pesos.
2. Yes. Money Lending applications violated the data privacy of the borrowers. Public shaming of online lending apps is a violation of data privacy act. An initial investigation conducted by the NPC on three big online lending companies showed that the aforementioned practices is a violation of the Data Privacy Act of 2012. Among these practices are:
a. Accessing the phone numbers of the borrowers’ contact list without their permission;
b. Posting wrong information to the public; and
c. Using the borrowers’ personal information to shame and threaten them
II.
1. ThE RIGHT TO BE INFORMED
Under R.A. 10173, your personal data is treated almost literally in the same way as your own personal property. Thus, it should never be collected, processed and stored by any organization without your explicit consent, unless otherwise provided by law. Information controllers usually solicit your consent through a consent form. Aside from protecting you against unfair means of personal data collection, this right also requires personal information controllers (PICs) to notify you if your data have been compromised, in a timely manner. As a data subject, you have the right to be informed that your personal data will be, are being, or were, collected and processed.
2. THE RIGHT TO ACCESS
This is your right to find out whether an organization holds any personal data about you and if so, gain “reasonable access” to them. Through this right, you may also ask them to provide you with a written description of the kind of information they have about you as well as their purpose/s for holding them.
Under the Data Privacy Act of 2012, you have a right to obtain from an organization a copy of any information relating to you that they have on their computer database and/or manual filing system. It should be provided in an easy-to-access format, accompanied with a full explanation executed in plain language.
You may demand to access the following:
a. The contents of your personal data that were processed.
b The sources from which they were obtained.
c. Names and addresses of the recipients of your data.
d. Manner by which they were processed.
e. Reasons for disclosure to recipients, if there were any.
f. Information on automated systems where your data is or may be available, and how it may affect you.
g. Date when your data was last accessed and modified
h. The identity and address of the personal information controller.
Paul must execute a written request to the organization, addressed to its Data Protection Officer (DPO). In the letter, mention that his request is being made in exercise of his right to access under the Data Privacy Act of 2012. The DPO is required to respond to his written request. He must be prepared to provide evidence of his identity, which the DPO should require to make sure that personal information is not given to the wrong person. If his request was not granted, or if he feels that his request was not sufficiently addressed, he may file a formal complaint with the NPC.
3. THE RIGHT TO RECTIFY
Under Data Privacy Act of 2012, you have the right to dispute and have corrected any inaccuracy or error in the data a personal information controller (PIC) hold about you. The PIC should act on it immediately and accordingly, unless the request is vexatious or unreasonable. Once corrected, the PIC should ensure that your access and receipt of both new and retracted information. PICs should also furnish third parties with said information, should you request it.
Mary must execute a written request to the organization, addressed to its Data Protection Officer (DPO), and have it received. In the letter, mention that her request is being made in exercise of her right to object under the Data Privacy Act of 2012. Documents to support request must be attached. The DPO must act on her written request. In case she feels that her request have not been addressed satisfactorily, she may file a formal complaint before the NPC, attached therewith the request letter to the DPO.
Comments
Post a Comment