Online lenders banned from collecting borrower information – Manila bulletin
Lenders who operate online apps that can be installed on smartphones are prohibited from collecting personal information, such as telephone contact lists and social media, to harass delinquent borrowers, the National Commission for the Protection of privacy (NPC).
NPC issued Circular No. 20-01 issued on October 19, in response to numerous complaints that online lenders were illegally using the personal data of customers and that of others on their contact lists, causing damage. reputation and violating their rights as data subjects. The circular takes effect 15 days after its publication in the Official Journal or in two newspapers with a large circulation.
This means that all loan and finance companies in possession of their borrower’s contact lists in any form in violation of the guidelines must dispose of the information in a secure manner that would prevent unauthorized processing, access or disclosure to them. any other party or to the public. , the AFN said.
Privacy Commissioner Raymund Liboro said the circular was issued after the harassment and shame of delinquent borrowers before relatives, friends and colleagues persisted despite separate orders from the AFN and the Securities and Exchange Commission (SEC) to shut down stray online creditors.
“The National Commission for the Protection of Privacy is issuing this circular for the proper and respectful treatment of the borrower’s personal information,” Liboro said.
He said online lending applications should design their business processes with privacy by design and by default, and with strict adherence to the principles of the Data Protection Act (DPA).
“Once again, we remind online loan operators and businesses to take the privacy of their customers’ data seriously and to deploy adequate security measures. For the public, we hope this circular will help them keep an eye out for red flags as they borrow money from online lenders, ” Liboro added.
He added that “the circular spells out what online loan operators can and cannot do with borrowers’ personal information to prevent cases of abuse.”
Under the circular, unnecessary permissions include accessing telephone contacts or the email list, collecting social media contacts, copying or saving them for use in debt collection, or to harass the borrower or his contacts.
Access to the borrower’s phone camera is only permitted for Know Your Customer (KYC) policy purposes. Under no circumstances will the borrower’s photo be used, the circular says, to harass or embarrass him in order to collect a delinquent loan.
Enforcement permissions are only permitted as part of an appropriate, necessary, and not excessive KYC purpose of determining creditworthiness, preventing fraud, and collecting debts.
“When this objective has already been achieved, these online applications must encourage the person concerned to deactivate or prohibit these authorizations”, indicates the circular. Read the entire circular here.
The circular also states the following that those responsible for processing personal information, loan and finance companies in this case, must implement reasonable and appropriate organizational, physical and technical security measures to protect personal data.
Loan details should be written in plain language and in the most appropriate format. Borrowers should be informed if the loan processing activity involves the use of profiling, automated processing, automated decision-making, or credit scoring or scoring.
A separate legal criterion should be put in place in accordance with Articles 12 and / or 13 of the Data Protection Act, if the information is used for marketing, cross-selling or sharing with third parties for the purpose of ” offer other products or services unrelated to loans. .
Reasonable data retention policies should be adopted and implemented for people whose loan applications have been refused and borrowers who have fully paid their loans.
The circular stated that loan or finance companies and persons acting as such entities were at all times responsible for personal data under their control or custody.
“They should not use personal data to engage in unfair collection practices as defined in the Circular No.18 Series of the 2019 SEC Circular,” reads Section 3E of the Circular. .
The section added that any lender found in violation of the circular will be liable under the applicable provisions of the DPA, which impose fines and jail time.
The NPC observed that a month after ordering the shutdown of 26 online lending companies in October of last year, complaints it received from the public declined by 90%.
SUBSCRIBE TO THE DAILY NEWSLETTER
CLICK HERE TO JOIN