Data protective jurisdictions tend to guarantee the right of individuals to contact an organization directly and find out whether personal data is being tracked. Access procedures and acceptable exceptions (such as business secrecy) are determined by law and may be subject to the control of data protection authorities. In the context of HR, personal data access requests can include information tracked by the company as well as data tracked by third-party solutions, such as background check vendors.
The Implementing Rules and Regulations of the Data Privacy Act of 2012 outlines how data subjects can access personal data that is being collected and processed (Rule VIII. Rights of Data Subjects, Sec. 34). Employees should be informed in advance (or, at the next reasonable opportunity) when personal data is collected. Notice should include:
Data subjects should also be notified and given an opportunity to withhold consent in case where there are changes or any amendments to the information supplied or declared to the employee.
While data subjects have the right to object to their personal information being collected, this right is limited in the context of employment. An individual’s personal data can continue to be processed for “obvious purposes,” such as when it’s necessary “in relation to a contract or service to which the data subject is a party, or when necessary or desirable in the context of an employer-employee relationship.”
Individuals also have the right to dispute the accuracy of their data and have it corrected unless the request is unreasonable. They can also request that data be deleted in certain circumstances, such as when:
Generally, data subjects in the Philippines have the right to reasonably request and access:
HR Best Practices: Employers should establish official procedures and contacts for employee requests. When processing an access request from an employee, make sure not to disclose information connected to other employees.