NPC Circular 16-04 – Rules of Procedure - National Privacy CommissionNational Privacy Commission

NPC Circular 16-04 – Rules of Procedure

December 27, 2016 11:47 am Last Edit: December 27th, 2016

PDF VERSION

npc-circular-16-04-rules-of-procedure

DATE

15 December 2016

SUBJECT

RULES OF PROCEDURE OF THE NATIONAL PRIVACY

COMMISSION

PRELIMINARY PROVISIONS

General
Principles

Scope
and
Coverage

COMPLAINTS FOR
VIOLATIONS OF
THE DATA PRIVACY
ACT
1. Who
  may file complaints
2. Exhaustion
  of remedies
3. Filing Fees
4. Printed Copies
5. Where to file
6. Electronic Filing
7. Parties to the Complaint
8. Form and Contents of the
  Complaint
PROCEDURE IN COMPLAINTS
COMPLAINTS OF THE NATIONAL
PRIVACY COMMISSION
1. Own
  initiative
2. Uniform
  procedure
ALTERNATIVE MODES OF DISPUTE
RESOLUTION
REQUESTS
FOR
ADVISORY OPINIONS

Advisory
Opinions

Uniform
procedure
APPEALS

Appeal
GENERAL
PROVISIONS

Confidentiality

Application
of Rules of Court

Interpretation

Separability
Clause

Effectivity
A Guide
for the Data Subject

Pursuant to the authority vested in the National Privacy Commission
through Section 7 of Republic Act No. 10173, otherwise known as “The
Data Privacy Act of 2012”, the following Rules of Procedure of the
National Privacy Commission are hereby prescribed and promulgated:

RULE I.
PRELIMINARY
PROVISIONS

SECTION 1. General
Principles.
– The National Privacy Commission is an independent body mandated to
administer and implement provisions of the Data Privacy Act, and to
monitor and ensure compliance of the country with international
standards set for data protection. The Commission shall uphold the
right to information privacy while supporting free flow of information.
In the exercise of its quasi-judicial function, the Commission is
authorized to receive complaints and institute investigations. In order
to fulfill its mandate, it may compel any entity, government agency or
instrumentality to abide by its orders or take action on a matter
affecting data privacy, and impose sanctions as may be appropriate.

SECTION 2.
Scope and
Coverage. –
These rules shall apply to all complaints filed before the National
Privacy Commission or such other grievances, requests for assistance or
advisory opinions, and other matters cognizable by the National Privacy
Commission.

Back
to Top

RULE II.
COMPLAINTS FOR VIOLATIONS OF THE

DATA PRIVACY
ACT

SECTION 3. Who
may file complaints.
– The National Privacy Commission, sua sponte, or
persons who are the subject of a privacy violation or personal data
breach, or who are otherwise personally affected by a violation of the
Data Privacy Act, may file complaints for violations of the Act.
The person who is the subject of the privacy violation or personal data
breach, or his or her duly authorized representative may file the
complaint, Provided, that the circumstances of
the authority must be established.
Any person who is not personally affected by the privacy violation or
personal data breach may: (a) request for an advisory opinion on
matters affecting protection of personal data; or (b) inform the
National Privacy Commission of the data protection concern, which may
in its discretion, conduct monitoring activities on the organization or
take such further action as may be necessary.

SECTION 4.
Exhaustion of
remedies.
– No complaint shall be entertained unless:

the complainant has informed, in writing, the personal
information controller or concerned entity of the privacy violation or
personal data breach to allow for appropriate action on the same;
the personal information controller or concerned entity did
not take timely or appropriate action on the claimed privacy violation
or personal data breach, or there is no response from the personal
information controller within fifteen (15) days from receipt of
information from the complaint ; and
the complaint is filed within six (6) months from the
occurrence of the claimed privacy violation or personal data breach, or
thirty (30) days from the last communiqué with the personal information
controller or concerned entity, whichever is earlier.

The failure to comply with the requirements of this Section shall cause
the matter to be evaluated as a request to the National Privacy
Commission for an advisory opinion, and for the National Privacy
Commission to take such further action, as necessary.
The National Privacy Commission may waive any or all of the
requirements of this Section, at its discretion, upon good cause shown,
or if the complaint involves a serious violation or breach of the Data
Privacy Act, taking into account the risk of harm to the affected data
subject.

SECTION 5. Filing Fees.
– No
complaint or request for advisory opinion shall be entertained unless
the appropriate filing fees have been shown to have been paid, unless:
(a) the complainant is the government, or any agency or instrumentality
thereof, including government-owned and controlled corporations
organized and existing under their own charter, and excluding
government-owned and controlled corporations organized and incorporated
under the Corporation Code; (b) the complainant qualifies as an
indigent or pauper litigant as defined under the Rules of Court; or (c)
the National Privacy Commission, in its proper discretion and for good
cause shown, waives this requirement.

Back
to Top

SECTION 6.
Printed
Copies.
- The complaint, together with the documentary evidence and affidavits
of witnesses, if any, shall be filed in such number as there are
respondents, plus two (2) copies for the file.

SECTION 7.
Where to file.
– A
complaint may be filed at any office of the Commission.

SECTION 8.
Electronic
filing. –
The complaint and its supporting evidence, as well as any subsequent
filings may be filed as electronic documents, pursuant to the
provisions of Republic Act No. 8792, and subject to the right of the
Commission to request for hard copies, or charge fees for the printing
thereof, either by e-mail or by submitting the same contained in a
portable electronic data storage device at any office of the
Commission.
Whenever practicable, electronic submissions shall be made and
digitally signed in .PDF format, on page sizes compliant with the
Efficient Use of Paper Rule.
When submissions are made through portable electronic data storage
devices, the provisions of Section 6 of these Rules shall apply, with
one portable data storage device equivalent to one printed copy,
provided, that documents made on such portable data storage devices, if
either the device or any file found therein is detected to be infected
with any form of malware, all the electronic documents on that portable
electronic data storage device shall not be considered as having been
filed.
When submissions are made through e-mail, all electronic documents must
be submitted to [email protected],
copy furnished any and all other parties to the complaint.

SECTION 9. Parties to the
Complaint.
– – The Complaint must specify the identity of the individual claiming
to be subject of a privacy violation or the person so damaged or
injured by a data breach, who shall be referred to as the complainant.
The complainant shall include in his complaint his contact information,
and where the complainant or duly authorized representative may be
served with orders, issuances or communications, including a secure
electronic mail address when available.
The complaint must identify the person or organization complained
against, who shall be referred to as the respondent; the mere provision
of the means to trace the identity of the party complained against
shall be considered as insufficient identification. The complainant
shall also provide in the complaint: (a) the respondent’s contact
information, where practicable; and (b) where the respondent may be
served with orders, issuances or communications from the National
Privacy Commission.

SECTION
10. Form
and Contents of the Complaint.
– The complaint shall comply with the requirements of the Efficient Use
of Paper Rule (A.M. No. 11-9-4-SC) and other such rules of formatting
as may be provided for by the Supreme Court for use in quasi-judicial
agencies.
The form of the complaint must be in writing, verified and under oath,
or contained in a sworn affidavit. A complaint that does not comply
with this requirement shall be acted upon only, at the discretion of
the National Privacy Commission, if it merits appropriate consideration
on its face, or is of such notoriety that it necessarily contains
sufficient leads or particulars to enable the taking of further action.
The complaint shall include a brief narration of the material facts and
supporting documentary and testimonial evidence, all of which show: (a)
the violation of the Data Privacy Act or related issuances; or (b) the
acts or omissions allegedly committed by the respondent amounting to a
privacy violation or personal data breach. The complaint must include
any and all reliefs sought by the complainant.
The supporting documents shall consist of original or certified true
copies of any documentary evidence, and the affidavits of witnesses, if
any, including those affidavits necessary to identify the documents and
to substantiate the complaint.
The complainant shall attach any and all correspondence with the
respondent on the matter complained, and include a statement of the
action taken by the respondent to address the complaint, if any.
The failure to comply with the requirements of this Section shall cause
the matter to be evaluated as a request to the National Privacy
Commission for an advisory opinion, and for the National Privacy
Commission to take such further action, as necessary.

Back
to Top

RULE III.
PROCEDURE IN COMPLAINTS

SECTION 11. Evaluation.
– Upon receipt of the complaint, the National Privacy Commission shall
assign an investigating officer who shall conduct the proceedings.
The investigating officer shall evaluate the complaint to determine
whether its allegations involve a violation of the Data Privacy Act or
related issuances and if based on its allegations, there is reason to
believe that there is a privacy violation or personal data breach.
The investigating officer shall then recommend to the Commission
whether the complaint shall be:

dismissed outright for want of palpable merit;
referred to the respondent for comment;
subject to further monitoring or investigation;
treated as a request for an advisory opinion; or
indorsed to the proper government agency with jurisdiction
over the complaint.

SECTION 12. Outright Dismissal.
– The Commission may dismiss outright any complaint on the following
grounds:

The complainant did not give the respondent an opportunity
to address the complaint, unless failure to do so is justified;
The complaint is not a violation of the Data Privacy Act or
does not involve a privacy violation or personal data breach;
The complaint is filed beyond the period for filing; or
There is insufficient information to substantiate the
allegations in the complaint or the parties cannot be identified or
traced.

SECTION 13. Order to Confer for Discovery.
– If, on the face of the complaint, the allegations are deemed to be
sufficient in form and substance, the investigating officer shall issue
an Order for all parties to confer, not later than ten (10) days from
receipt of the said Order, whether discovery of information and of
electronically stored information is reasonably likely to be sought in
the proceeding.
A copy of the complaint, together with its supporting evidence, shall
be included with the Order to Confer for Discovery. If discovery of
electronically stored information is reasonably likely to be sought,
the parties shall discuss:

any issues relating to the preservation of the information;
the form in which each type of the information will be
produced;
the period within which the information will be produced;
the method for asserting or preserving claims of privilege
or of protection of the information;
the method for asserting or preserving confidentiality and
proprietary status of information relating to a party or person not a
party to the proceeding;
whether allocation among the parties of the expense of
production is appropriate; and
any other issue relating thereto.

The agreement will be reduced into a Discovery Conference Report to be
signed and submitted by all parties to the Commission within five (5)
days of the conclusion of the conference.

Back
to Top

SECTION 14. Discovery. –

The National Privacy Commission may issue an Order
governing the discovery of electronically stored information pursuant
to:
1. a motion by a party seeking discovery of the
  information or from which discovery of the information is sought; or
2. a stipulation of the parties and of any person not a
  party from which discovery of the information is sought.
The Order governing the discovery will cover the same matter a
discovery conference report is to address. Absent exceptional
circumstances, the National Privacy Commission may not impose sanctions
on a party for failure to provide electronically stored information
lost as a result of the routine, good-faith operation of an electronic
information system.

A party may serve on any other party a request for
production of electronically stored information and for permission to
inspect, copy, test, or sample the information, copy furnished the
National Privacy Commission. The party on which the said request is
served must serve a response within three (3) working days, or in such
timely manner as to preserve the integrity of the electronically stored
information. The response must state, with respect to every item or
category in the request that inspection, copying, testing, or sampling
of the information will be permitted as requested; or any objection to
the request and the reasons for the objection.The party requesting the
production may specify the form in which the electronically stored
information is to be produced. The responding party must state in its
response that form in which it intends to produce each type of the
information.
Unless the parties otherwise agree or the investigating officer
otherwise orders: (1) If a request for production does not specify a
form for producing a type of electronically stored information, the
responding party shall produce the information in a form in which it is
ordinarily maintained or in a form that is reasonably usable; and (2) a
party need not produce the same electronically stored information in
more than one form.

A party may object to discovery of electronically stored
information from sources that the party identifies as not reasonably
accessible because of undue burden or expense. In its objection the
party shall identify the reason for the undue burden or expense.On
motion to compel discovery or for a protective order relating to the
discovery of electronically stored information, a party objecting to
discovery under the next preceding paragraph bears the burden of
showing that the information is from a source that is not reasonably
accessible because of undue burden or expense.

The National Privacy Commission may order discovery of
electronically stored information that is from a source that is not
reasonably accessible because of undue burden or expense if the party
requesting discovery shows that the likely benefit of the proposed
discovery outweighs the likely burden or expense, taking into account
the amount in controversy, the resources of the parties, the importance
of the issues, and the importance of the requested discovery in
resolving the issues.If the National Privacy Commission orders
discovery of electronically stored information under the next preceding
paragraph, it may set conditions for discovery of the information,
including allocation of the expense of discovery.

The National Privacy Commission shall limit the frequency
or extent of discovery of electronically stored information, even from
a source that is reasonably accessible, if the Commission determines
that:
1. It is possible to obtain the information from some
  other source that is more convenient, less burdensome, or less
  expensive;
2. The discovery sought is unreasonably cumulative or
  duplicative;
3. The party seeking discovery has had ample opportunity
  by discovery in the proceeding to obtain the information sought; or
4. The likely burden or expense of the proposed discovery
  outweighs the likely benefit, taking into account the amount in
  controversy, the resources of the parties, the importance of the
  issues, and the importance of the requested discovery in resolving the
  issues.

SECTION 15. Order to Submit Comment.
– Following the receipt of the Discovery Conference Report, the
investigating officer shall issue an Order directing the respondent or
respondents, as the case may be, to submit within ten (10) days from
receipt thereof, a responsive Comment to the Complaint, together with
any supporting documents the respondent or respondents may have,
including the affidavits of any of the respondents’ witnesses, if any.
The investigating officer, upon his or her discretion, may require the
complainant to file a Reply within ten (10) days after receipt of the
Order requiring the filing of a Reply. Such an Order may also require
the respondent to file a Rejoinder within ten (10) days after receipt
of the Reply.

SECTION 16. Investigation; Examination of Systems and
Procedures. – The investigating officer shall
investigate the circumstances surrounding the privacy violation or
personal data breach. Investigations may include on-site examination of
systems and procedures. In the course of the investigation, the
complainant and/or respondent may be required to furnish additional
information, document or evidence, or to produce additional witnesses.
The parties shall have the right to examine the evidence submitted,
which he or she may not have been furnished, and to copy them at his
expense.

Back
to Top

SECTION 17. Failure to Submit Comment.
– If the respondent does not file a Comment, the investigating officer
may consider the complaint as submitted for resolution. The respondent
shall, in any event, have access to the evidence on record.

SECTION 18. Recommendation of the Investigating Officer.
– Upon the termination of the investigation, the investigating officer
shall produce a fact-finding report, which shall include the results of
the investigation, the evidence gathered, and any recommendations. The
report shall be submitted to the Office of the Commissioner.

SECTION 19. Temporary Ban on Processing Personal Data
– At the commencement of the complaint or at any time before the
decision of the National Privacy Commission becomes final, a
complainant or any proper party may have the National Privacy
Commission, acting through the investigating officer, impose a
temporary ban on the processing of personal data, if on the basis of
the evidence on record, such a ban is necessary in order to preserve
the rights of the complainant or to protect national security or public
interest.

A temporary ban on processing personal data may be granted
only when: (1) the application in the complaint is verified and shows
facts entitling the complainant to the relief demanded, or the
respondent or respondents fail to appear or submit a responsive
pleading within the time specified for within these Rules; and (2)
unless exempted from the payment of filing fees as provided for in
these Rules, the complainant files with the National Privacy Commission
a bond executed to the party or person so banned from processing
personal data in an amount to be fixed by the investigating officer.
Upon approval of the requisite bond, the temporary ban on processing
personal data shall be issued.
When an application for a temporary ban on processing
personal data is included in a complaint, the investigating officer
shall issue a Notice of Hearing, together with a copy of the
complainant’s affidavit, the annexes thereto, and receipt of the bond,
when applicable.
When an application for a temporary ban on processing personal data is
made by motion, the investigating officer shall issue a Notice of
Hearing, together with a copy of the receipt of the bond, when
applicable.
The Notice of Hearing shall indicate the scheduled date and venue for
the hearing, and that the respondent or respondents, as the case may
be, may appoint a representative to appear at the hearing in order to
protect their interests.
The complainant shall shoulder the cost to ensure that this Notice of
Hearing is delivered to the respondent or respondents, as the case may
be, within the next business day, by personal or substituted service,
and if personal or substituted service is impossible, by private
courier. Upon service, the complainant shall file an affidavit of
service attesting that service was properly made upon the respondent or
respondents, as the case may be.
The temporary ban on processing personal data shall be
acted upon only after all the parties are heard in a summary hearing.
If all the parties can be found in the Philippines, or if service upon
a non-resident is made by substituted service, the summary hearing
shall be conducted within the next business day following the actual
receipt of the Notice, as indicated in the affidavit of service.
If the respondent is a non-resident of the Philippines and only direct
service or service by courier is possible, then the hearing shall be
conducted one (1) week after actual receipt of the Notice.
If so issued, the temporary ban on processing personal data
shall remain in effect until the final resolution of the case or upon
orders of the Commission or lawful authority.

Back
to Top

SECTION 20. Permanent Ban on Processing
Personal Data. – If after the termination of
the proceedings it appears that the complainant is entitled to have a
permanent ban on processing personal data, the investigating officer
shall recommend that the Commission issue an Order granting a permanent
ban on processing personal data.

SECTION 21. Action on the Recommendations of the
Investigating Officer. – The Commission shall
review the evidence presented, including the fact-finding report and
supporting documents. On the basis of the said review, the National
Privacy Commission may: (1) promulgate a Decision; or (2) order the
conduct of a clarificatory hearing, if in its discretion, additional
information is needed to make a Decision. No motion for clarificatory
hearing shall be entertained. In case the Commission finds that a
clarificatory hearing is necessary, the following shall be observed:

The parties shall be notified of the schedule for
clarificatory hearing at least five (5) days from schedule;
The Commission may require additional information and/or
compel attendance of any person involved in the complaint;
The parties shall not directly question the individuals
called to testify but may submit their questions to the Commission for
their consideration;
The parties may be required to submit their respective
memoranda containing their arguments on the facts and issues for
resolution.

SECTION 22. Rendition of decision.
– The Decision of the Commission shall adjudicate the issues raised in
the complaint on the basis of all the evidence presented and its own
consideration of the law. The decision may include enforcement orders,
including: (a) an award of indemnity on matters affecting personal data
protection, or rights of the data subject, where the indemnity amount
to be awarded shall be determined based on the provisions of the Civil
Code; (b) cease and desist orders; (c) the imposition of a temporary or
permanent ban on the processing of personal data, as provided for in
these Rules; (d) a recommendation to the Department of Justice (DOJ)
the prosecution and imposition of penalties specified in the Act; (e)
those to compel or petition any entity, government agency or
instrumentality to abide by its orders or take action on a matter
affecting data privacy; (f) those to impose fines for violations of the
Act or issuances of the Commission; or (g) any other order to enforce
compliance with the Data Privacy Act.
A copy of the decision shall be served upon the parties, for
information and compliance with any directive contained therein.

Back
to Top

RULE IV.
COMPLAINTS OF THE NATIONAL PRIVACY COMMISSION

SECTION
23. Own initiative.
– Depending on the nature of the incident, in cases of a possible
serious privacy violation or personal data breach, taking into account
the risks of harm to a data subject, the Commission may investigate on
its own initiative the circumstances surrounding the possible
violation. Investigations may include on-site examination of systems
and procedures. If necessary, the Commission may use its enforcement
powers to order cooperation of the personal information controller or
other persons, with the investigation or to compel appropriate action
to protect the interests of data subjects.

SECTION 24. Uniform procedure. –
The investigation shall be in accordance with Rule III of these Rules,
provided that the respondent shall be provided a copy of the
fact-finding report and given an opportunity to submit an answer. In
cases where the respondent or respondents fail without justification to
submit an answer or appear before the National Privacy Commission when
so ordered, the Commission shall render its decision on the basis of
available information.

Back
to Top

RULE V.
ALTERNATIVE MODES OF DISPUTE RESOLUTION

SECTION
25. Alternative modes of dispute
resolution. – The Commission shall facilitate
or enable settlement through the use of alternative dispute resolution
processes, provided that if the allegations are of a serious nature,
taking into account the risks of harm to a data subject, the Commission
may immediately conduct an investigation on its own initiative.

SECTION 26. Mediation officer. –
The Commission shall assign a mediation officer to assist the
complainant and respondent to reach a settlement agreement provided
that no settlement is allowed for criminal acts. The mediation officer
shall identify the issues for resolution and mediate in order for the
parties to reach an amicable settlement. In case the parties reach an
amicable settlement, the mediation officer shall issue a resolution on
the agreement between parties.

SECTION 27. Failure to reach settlement.
– In case the parties are unable to reach an amicable settlement, the
procedure for the resolution of complaints shall be followed.

Back
to Top

RULE VI.
REQUESTS FOR ADVISORY OPINIONS

SECTION
28. Advisory Opinions.
– An advisory opinion may be issued by the Commission on matters
relating to data privacy or personal data protection, at the instance
of any party, or on any complaint filed, which failed to comply with
the requirements of Rule II herein.
No request for an advisory opinion shall be entertained unless:

the request provides sufficient facts to allow for
evaluation of the matter relating to data privacy or personal data
protection;
the request relates to novel issues or legitimate concerns
that merit further evaluation;
the request is not related to any pending case before the
National Privacy Commission, or on any matter that is subject of an
ongoing investigation; and
the request is not on an a matter that has previously been
subject of an advisory opinion.

An advisory opinion shall be limited to discussion of the issues and
applicable law or jurisprudence but shall not impose any sanctions or
award damages.

SECTION 29. Uniform procedure. –
Requests for the issuance of an advisory opinion must be in writing and
addressed to the National Privacy Commission. Whenever applicable, the
procedure for the filing of the advisory opinion shall be in accordance
with Rule II of these Rules, provided that the Commission may request
for additional information as may be necessary to evaluate the personal
data protection concern.
The requesting party must provide contact details, including a valid
electronic mail address, where the Commission may send its orders or
opinions. Advisory opinions issued by the Commission may be made
available to the public.

Back
to Top

RULE VII.
APPEALS

SECTION 30. Appeal. –
The decision of the National Privacy Commission shall become final and
executory fifteen (15) days after the receipt of a copy thereof by the
party adversely affected. One motion for reconsideration may be filed,
which shall suspend the running of the said period. Any appeal from the
Decision shall be to the proper courts, in accordance with law and
rules.

Back
to Top

RULE VIII.
GENERAL PROVISIONS

SECTION 31. Confidentiality.
– The Commission may ask for access to personal data that is subject of
any complaint and to collect the information necessary to perform its
functions. The Commission shall ensure confidentiality of any personal
data that comes to its knowledge and possession, provided that any
personal data submitted may be transferred to parties who will be
contacted during the handling of the case and may be disclosed to
agencies who are authorized to receive information relating to law
enforcement, prosecution or review of the Commission's decisions,
subject to the Act and related issuances. Information about the case
may also be used for policy development, public education, case reports
and publications.

SECTION 32. Application of Rules of Court.
– The Rules of Court shall apply in a suppletory character, and
whenever practicable and convenient.

SECTION 33. Interpretation. –
These rules shall be liberally interpreted in a manner mindful of the
rights and interests of the person about whom personal data is
processed.

SECTION 34. Separability Clause.
– In the event that any provision or part of this Order is declared
unauthorized or rendered invalid, those provisions not affected by such
declaration shall remain valid and in force.

SECTION 35. Effectivity. – This
Order shall take effect fifteen (15) days after publication in the
Official Gazette or two newspapers of general circulation. They shall
govern all cases brought after they take effect and to further
proceedings in cases then pending, except to the extent that their
application would not be feasible or cause injustice to any party.

Back
to Top

Approved:

(Sgd.)
RAYMUND E. LIBORO

Privacy Commissioner

(Sgd.)
IVY D. PATDU

Deputy Privacy
Commissioner

(Sgd.)
DAMIAN DOMINGO O. MAPA

Deputy Privacy
Commissioner

A
Guide for the Data Subject

Do you have a concern about a privacy violation, personal
data breach or matters related to personal data protection, or any
other violation the Data Privacy Act and other issuances of the
National Privacy Commission?
1. Yes. Proceed to the next section (No.2).
2. No. The National Privacy Commission may have no power
  to act on your complaint. The Commission can only act on matters that
  relate to the Data Privacy Act.
3. I am not sure. Request for an Advisory Opinion or
  request for information (No.5).
Does your concern affect you personally or involve your
personal data?
1. Yes. If it is a matter affecting your own personal
  data, you may file a Complaint with the National Privacy Commission.
2. No. If it is about another person, or is a matter of
  general concern, request instead for an Advisory Opinion.
How do you file a complaint?
1. First, give an opportunity to the individual or company
  to address your concerns. Send a written letter to the individual or
  company you believe has committed a privacy violation or personal data
  breach, and request the said company for appropriate action.
2. If the company does not act on your letter within 15
  days, or has failed to take appropriate action on your concern, you may
  file your complaint with the Commission. File the complaint within 30
  days from last communication. If you have an important reason why you
  think it would be hard to write to the individual company, you may
  explain this to the Commission.
3. The complaint should be in an affidavit form and should
  include:
  1. all information relevant to your concern, including
    any other evidence or affidavits of witnesses, if any;
  2. your communications with the individual or company;
  3. the relief you are demanding, whether you want
    specific action from the individual or company, or whether you want to
    claim for damages; and
  4. your contact details and contact details of the
    individual or company.
4. You may file it with the office of the National Privacy
  Commission, where you may be asked to pay filing fees, depending on the
  relief you are asking. You may file it online through e-mail at [email protected]
  . In case of electronic mail, wait for instructions on how filing fees
  can be filed. If you qualify as an indigent, no filing fee is necessary.
5. An investigating officer will evaluate your complaint
  and when sufficient in form and substance, the Commission may call on
  you to confer with the respondent on matters like discovery of evidence
  or schedules of the proceedings.
6. Upon completion of the investigation, the investigating
  officer shall refer the case to the Office of the Commissioner for
  final decision.
How do you request for Advisory Opinion?
1. File your request for advisory opinion in the same
  manner as a complaint.
2. You request should include all facts necessary for the
  Commission to evaluate your concern and render an opinion.
3. Provide the National Privacy Commission a way to
  contact you.
4. Remember that if your request is for an advisory
  opinion, the National Privacy Commission will not award damages.
Can I get additional information on this circular? You may
request for additional information on the procedure through [email protected]

Back
to Top