Guidelines in processing personal data for loan-related transactions have been amended to address privacy concerns due to the prevalence of online lending.
In a statement, the National Privacy Commission (NPC) said it has amended certain provisions of its NPC Circular No. 2020-01 providing for the guidelines on the processing of personal data for loan- related transactions which was published on Sept. 14, 2020.
Under NPC Circular No. 2022-02, the amendments cover the processing of personal data for evaluating loan applications, granting loans, collection of loans, and closure of loan accounts; character references; and a newly added provision for guarantors. Privacy
“NPC Circular No. 2022—02 provides amendments that will serve as an added protection to both borrowers and lending companies. The NPC aims for smooth transactions between the two parties, where borrowers are afforded their data privacy rights and lending companies are given the opportunity to ethically conduct their business and establish trust among their customers,” said commissioner John Henry.
Under Section 3(A)(5) of the amended circular, a lending company, financing company, and other persons acting as such should provide just-in-time notices before obtaining the consent of the data subjects in loan-related transactions. The just-in-time notice provides data subjects with information on how a particular piece of information they are asked to provide will be processed.
In loan processing activities, Section 3(D) of the amended circular provides that a lending company, financing company, or other persons acting as such are prohibited from conducting unnecessary processing including requiring unnecessary permissions that involve personal and sensitive personal information.
The amended circular allows the processing of a borrower’s contact information for identity verification and to check the truthfulness of the information provided by borrowers. However, the processing must not be unbridled or unconstrained, excessive, and disproportional to its purpose. This includes processing that leads to harassment; processing for collection of debt outside of the guarantors provided by the borrower; and processing that results in unfair collection practices.
The amended circular also protects the data privacy rights of a borrower’s character reference and guarantor.
Section 4 provides that a character reference shall not be automatically treated as a guarantor while Section 5 provides that a guarantor is “one who expressly binds himself or herself to the creditor to fulfill the obligation of the individual borrower in case the latter should fail to do so”.
A lending company, financing company, or other persons acting as such are required to register with the NPC and submit a complete list of the names of all publicly available applications that they own and operate. Violators of the amended circular will be subject to penalties, fines, and other disciplinary measures.
