3 Data Privacy Complaints sent through direct and intermediary channels on professional contest joiners blacklist

Sent three (3) data privacy complaints through direct and intermediary channels where one is already addressed through employee sanction. Waiting for results from 2 others. This is in connection with the blacklist of professional online contest joiners.

Lessons learned and how can you spot data privacy violations:

1. Revelation of names and contact information. People's names and contact information are private. They should never be misused.
2. The information from #1 belongs to the companies in a business relationship. Employees should not even brag that they are in a possession of a list as they are indirectly violating company's confidentiality of information owned or in possession of.
3. If the information or data belongs from a previous employment, a person should not be in possession of it anymore as that constitutes data theft especially if shared that proves possession of such information.
4. The revelation of a business trade practice of an employer (past or present) should not be disclosed as that violates employee-employer contractual relationship. It also shows that you can't be trusted.
5. Lastly, if you care about the people around you, the values that your company represent (and if your action is "unbecoming" of it), provoking people to commit an illegal action anchoring on your powerful client-supplier relationship is grave abuse of authority.

Policies to note of:

• DTI-DAO 8 requires the protection of personal data in an information and communication system. The leakage of data, such as names and contact information, is a violation of this (Section 6 to 8). 
• It also violates the Consumer Act of the Philippines that has stated application on e-commerce transactions. Section 8 reminds entities of data privacy importance. Furthermore, the definition of e-commerce in our country refers to both commercial and non-commercial transactions.
• Data privacy breaches can be held accountable for violation of the E-Commerce Law (Section 32, 33 c & d).

Companies should note the following to protect itself from these occurrences:

1. Employee contract clearly explaining the meaning of "confidential information". The mere fact we have glitches today only shows that a lot of employees don't understand the gravity of this. 
2. Instill data privacy policies in your organization, implement it, and make it compliant under DTI-DAO 8.
3. Make employees sign a non-disclosure agreement for every project handled and a release document at the end of it fully understanding what can be and can't be disclosed.
4. Have clear sanctions on data privacy violations and be ready to sue if necessary to protect your company's reputation.

I pray that a satisfactory sanction shall be given by these companies involved against their employees who violated online contest joiners data.


I won't be posting names of people and companies involved. Only recording of lessons learned hoping that this will never happen again.