The Securities and Exchange Commission-Davao Extension Office (SEC-DEO) has warned lending and financing companies not to process personal data in debt transactions.
The warning came about after the extension office confirmed having received complaints from borrowers whose pieces of personal information were used to threaten them of legal actions for failing to settle their debt obligations.
The extension office is reminding the public that the Commission, having regulatory and supervisory jurisdiction over lending and financing companies, prohibits unfair debt collection practices such as the use of insults or profane language, violent threats or false representation.
SEC Memorandum Circular No. 18, Series of 2019 states that “financing companies, lending companies and third party service providers hired by them may resort to all reasonable and legally permissible means to collect amounts due them under the loan agreement provided that, in the exercise of their rights and performance of their duties, they must observe good faith and reasonable conduct and refrain from engaging in unscrupulous and untoward acts,”
The office also called on borrowers to ensure that the information they provide to these entities do not violate their privacy as they could seek legal redress if they feel harassed or aggrieved.
The SEC-DEO’s call arose after the National Privacy Commission (NPC) came out with Circular No. 20-01 recently which specifies the guidelines on the processing of personal data for loan-related transaction.
The NPC cited Republic Act No. 10173, or the Data Privacy Act of 2012 as the basis of the circular as the law is the policy of government in protecting “the fundamental human right of privacy of communication while ensuring free flow of information to promote innovation and growth.”
Based on the law, anyone violating it could be ordered to pay up to P5 million and imprisonment of maximum of six years.
In that circular, the NPC also reiterated complaints that there are lending entities, using online applications, “processed personal data of their clients without lawful basis under the law, and used such personal data about their clients and other individuals in their contact list causing damage to their reputation, in violation of their rights and freedoms as data subjects,”
“Access to contact details in whatever form, such as but not limited to phone contact list or e-mail lists, the harvesting of social media contacts, and/or copying or otherwise saving these contacts for use in debt collection or to harass in any way the borrower or his/her contacts, are prohibited,” it added.
Section 2 of the circular pointed out that those entities, they being the lenders or those third parties that are tapped to process the information, must “implement reasonable and appropriate organizational, physical, and technical security measures for the protection of personal data and uphold the rights of data subjects.”
It added that lending entities and other parties involved in their businesses are “prohibited from requiring unnecessary permissions that involve personal and sensitive personal information.”
In case of taking photographs of the borrowers when they file their loan applications, permission for the use of these photographs must be turned off after the use and that these must not be used to “harass or embarrass the borrower in order to collect a delinquent loan.”
