In today’s digital age, our personal data is more vulnerable than ever. From social media platforms to e-commerce sites, every online interaction leaves a digital footprint. But what happens when that data falls into the wrong hands? If your personal information has been misused, you have rights — and legal remedies — under Philippine law.

What is Personal Data Under Philippine Law?

Under the Data Privacy Act of 2012 (Republic Act No. 10173), personal data refers to any information from which the identity of an individual is apparent or can be reasonably determined. This includes:

Your Rights Under the Data Privacy Act

The Data Privacy Act grants every individual the following rights:

1. Right to be Informed

You have the right to know how your personal data is being collected, processed, stored, and shared. Organizations must provide a clear privacy notice before collecting your data.

2. Right to Access

You can request a copy of all personal data that an organization holds about you. This includes asking how it is being used and who it has been shared with.

3. Right to Object

You have the right to object to the processing of your personal data, particularly for direct marketing, profiling, or automated decision-making.

4. Right to Erasure or Blocking

You can request the deletion or blocking of your personal data if it is incomplete, outdated, false, unlawfully obtained, or being used for unauthorized purposes.

5. Right to Rectify

If your personal data is inaccurate or incomplete, you can demand that it be corrected immediately.

6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format so you can transfer it to another service provider.

7. Right to Damages

You may claim compensation if you suffer harm due to violation of your data privacy rights.

What Steps Should You Take If Your Data Is Misused?

Step 1: Document Everything

Keep records of all communications, screenshots, emails, and any evidence of the misuse. This documentation will be crucial for any legal action.

Step 2: Notify the Organization

Contact the company or organization that mishandled your data. They are required by law to respond and take corrective action. File a formal complaint with their Data Protection Officer (DPO).

Step 3: File a Complaint with the NPC

The National Privacy Commission (NPC) is the primary government agency enforcing the Data Privacy Act. You can file a complaint online through their portal at privacy.gov.ph. The NPC can investigate, issue cease-and-desist orders, and impose fines.

Step 4: Seek Legal Assistance

Data privacy violations can also give rise to civil and criminal liability. A lawyer can help you determine the best course of action — whether it be filing a criminal complaint, a civil case for damages, or both.

What Penalties Apply to Violators?

Under the Data Privacy Act, violators may face:

Common Data Privacy Violations to Watch Out For

When to Consult a Lawyer

While you can file a complaint with the NPC on your own, consulting a lawyer is strongly recommended if:

How AttyKalibre Can Help

At AttyKalibre, we understand how distressing data privacy violations can be. Our legal team can help you navigate the complexities of the Data Privacy Act, from filing complaints with the NPC to pursuing legal action against violators.

Contact us today to schedule a consultation and protect your data privacy rights.

Leave a Reply