Online lenders barred from harvesting borrowers’ info
Lenders operating online apps that can be installed in smartphones are prohibited from harvesting personal information, such as phone and social media contact lists, for harassing delinquent borrowers, the National Privacy Commission (NPC) said.
NPC issued Circular No. 20-01 published today, October 19, in response to numerous complaints that online lenders were illegally using personal data of clients and those of others on their contact lists, causing damage to their reputation and violating their rights as data subjects. The circular takes effect 15 days after its publication in the official Gazette or two newspapers of general circulation. This means all lending and financing companies in possession of their borrowers’ contact lists in whatever form in violation of the guidelines shall dispose of the information in a secure manner that would prevent further unauthorized processing, access, or disclosure to any other party or the public, the NPC said.
Privacy Commissioner Raymund Liboro said the circular was issued after harassment and shaming of delinquent borrowers before relatives, friends and colleagues persist despite separate orders last year from the NPC and the Securities and Exchange Commission (SEC) to shut down errant online creditors.
“The National Privacy Commission is issuing this circular for the appropriate and respectable treatment of borrower’s personal information,’’ said Liboro.
He said online lending applications should design their business processes with privacy by design and default, and with complete adherence with the principles of the Data Privacy Act (DPA).
“Once again we remind online lending operators and businesses to take their customers’ data privacy seriously and deploy adequate security measures. For the public, we hope this circular will help them keep an eye out for red flags while they are in the process of borrowing money from online lenders,’’ Liboro added. He further said that "the circular lays out what online lending operators can and cannot do with borrowers’ personal information to avoid instances of abuse.”
Under the circular, unnecessary permissions include accessing phone contact or e-mail list, harvesting social media contacts, copying or otherwise saving these for use in debt collection, or to harass the borrower or his/her contacts.
Access to the phone camera of the borrower is allowed only for the purpose of know-your-customer (KYC) policies. In no way shall the borrower’s photo be used, the circular said, to harass or embarrass him or her in order to collect a delinquent loan. (Bernie Cahiles-Magkilat)