IN RE: Call Recording Policy and Regulation in the Philippines.

One of the Laws that cover any private communication is REPUBLIC ACT No. 4200 otherwise known as the Anti
Wire Tapping Law of the Philippines. Under this law It shall be unlawful for any person, not being authorized by
all the parties to any private communication or spoken word, to tap any wire or cable, or by using any other device
or arrangement, to secretly overhear, intercept, or record such communication or spoken word by using a device
commonly known as a dictaphone or dictagraph or dictaphone or walkie-talkie or tape recorder, or however
otherwise described. (Emphasis Supplied)

The law further states that It shall also be unlawful for any person, be he a participant or not in the act or acts
penalized in the next preceding sentence, to knowingly possess any tape record, wire record, disc record, or any
other such record, or copies thereof, of any communication or spoken word secured either before or after the effective
date of this Act in the manner prohibited by this law; or to replay the same for any other person or persons; or to
communicate the contents thereof, either verbally or in writing, or to furnish transcriptions thereof, whether
complete or partial, to any other person: Provided, That the use of such record or any copies thereof as evidence in any
civil, criminal investigation or trial of offenses mentioned in section 3 hereof, shall not be covered by this
prohibition.

From the foregoing, it can be gleaned that the law highlights the prohibition against recording communication
without the consent of the conversing parties. And as stated therein, you cannot record a private conversation if any
of the parties to it does not give his/her consent to such recording, even if you are one of the parties in a
communication. Furthermore, even the reproduction, distribution, and replay, even in transcripted form of the
unauthorized recording is prohibited by the law.

Another law that would govern call recordings, specially with BPOs that collects data from its client is Republic Act
No. 10173, also known as the Data Privacy Act of 2012, is an act protecting individual personal information in
information and communications systems in the government and the private sector. The Data Privacy Act of 2012
aims to protect the fundamental human right of privacy, of communication while ensuring free flow of information
to promote innovation and growth. It also aims to ensure that personal information in information and
communications systems in the government and in the private sector are secured and protected. The enactment of
this law hopes to maintain the competitiveness of our country and boost investments in the information technology-
business processing outsourcing (IT-BPO) sectors and support a healthy information and communications
technology (ICT) industry.

This law may be summarized as follows:

Principally deals with the processing of Personal Information (Sec. 3g) and Sensitive Personal Information
(Section 3l);

The Processing of Personal Information is lawful under the following circumstances:

a. There is consent of the data subject;

b. Necessary to the fulfillment of a contract or of a legal obligation;
c. In response to national emergency, public order and safety;
d. When the life and health, or other vital interests of the data subject are involved;
e. In pursuit of legitimate interests by the personal information controller or by a third party to whom
the data is disclosed provided that the fundamental rights and freedoms of the data are not
violated.

On the other hand, processing of Companies who subcontract processing of personal information to 3rd
party shall have full liability and cant pass the accountability of such responsibility (Sec. 14).

Data subject has the right to know if their personal information is being processed. The person can demand
information such as the source of info, how their personal information is being used, and copy of their
information. One has the right to request removal and destruction of ones personal data unless there is a
legal obligation that required for it to be kept or processed. (Secs. 16 and 18)
 If the data subject has already passed away or became incapacitated (for one reason or another), their legal
assignee or lawful heirs may invoke their data privacy rights. (Sec. 17)

Personal information controllers must ensure security measures are in place to protect the personal
information they process and be compliant with the requirements of this law. (Secs. 20 and 21)

In case a personal information controller systems or data got compromised, they must notify the affected
data subjects and the National Privacy Commission. (Sec. 20)

Contracts, which involve the access of sensitive personal information from one thousand (1,000) or more
individuals, shall register their Personal Information Processing System with the Commission (Sec. 24).