Lenders operating online apps that can be installed in smartphones are prohibited from harvesting personal information, such as phone and social media contact lists, for harassing delinquent borrowers, the National Privacy Commission said in a circular it published Monday.
The Commission issued Circular 20-01 in response to complaints that online lenders were illegally using the personal data of clients and those of others on their contact lists, causing damage to their reputation and violating their rights as data subjects.
The NPC says the harassment and shaming of delinquent borrowers before relatives, friends and colleagues persisted despite separate orders last year from it and the Securities and Exchange Commission to shut down errant online creditors.
“The National Privacy Commission is issuing this circular for the appropriate and respectable treatment of borrower’s personal information,” Privacy Commissioner Raymund Liboro said.
He says online lending applications should design their business processes with privacy by design and default, and with complete adherence to the principles of the Data Privacy Act.
“Once again, we remind online lending operators and businesses to take their customers’ data privacy seriously and deploy adequate security measures. For the public, we hope this circular will help them keep
an eye out for red flags while they are in the process of borrowing money from online lenders,” Liboro said.
The circular comes into effect 15 days after its publication in the Official Gazette or two newspapers of general circulation.
All lending and financing companies in possession of their borrowers’ contact lists will have to dispose of the information in a secure manner that would prevent further unauthorized processing, access or disclosure to any other party or the public, the NPC said.
Under the circular, unnecessary permissions include accessing the phone contact or e-mail list, harvesting social media contacts, copying or otherwise saving these for use in debt collection, or harassing the borrower or his/her contacts.
Access to the phone camera of the borrower is allowed only for the purpose of know-your-customer policies. In no way shall the borrower’s photo be used, the circular said, to harass or embarrass him or her in order to collect a delinquent loan.
App permissions are allowed only under suitable, necessary and not excessive purposes of the KYC for determining creditworthiness, preventing fraud and collecting debt.