IN RE: Call Recording Policy and Regulation in the Philippines.

One of the Laws that cover any private communication is REPUBLIC ACT No. 4200 otherwise known as
the Anti Wire Tapping Law of the Philippines. Under this law It shall be unlawful for any person, not
being authorized by all the parties to any private communication or spoken word, to tap any
wire or cable, or by using any other device or arrangement, to secretly overhear, intercept, or record
such communication or spoken word by using a device commonly known as a dictaphone or
dictagraph or dictaphone or walkie-talkie or tape recorder, or however otherwise
described. (Emphasis Supplied)

The law further states that It shall also be unlawful for any person, be he a participant or not in the
act or acts penalized in the next preceding sentence, to knowingly possess any tape record, wire
record, disc record, or any other such record, or copies thereof, of any communication or spoken word
secured either before or after the effective date of this Act in the manner prohibited by this law; or to
replay the same for any other person or persons; or to communicate the contents thereof, either
verbally or in writing, or to furnish transcriptions thereof, whether complete or partial, to any other
person: Provided, That the use of such record or any copies thereof as evidence in any civil, criminal
investigation or trial of offenses mentioned in section 3 hereof, shall not be covered by this
prohibition.

From the foregoing, it can be gleaned that the law highlights the prohibition against recording
communication without the consent of the conversing parties. And as stated therein, you cannot
record a private conversation if any of the parties to it does not give his/her consent to such recording,
even if you are one of the parties in a communication. Furthermore, even the reproduction,
distribution, and replay, even in transcripted form of the unauthorized recording is prohibited by the
law.

Another law that would govern call recordings, specially with BPOs that collects data from its client is
Republic Act No. 10173, also known as the Data Privacy Act of 2012, is an act protecting individual
personal information in information and communications systems in the government and the private
sector. The Data Privacy Act of 2012 aims to protect the fundamental human right of privacy, of
communication while ensuring free flow of information to promote innovation and growth. It also aims
to ensure that personal information in information and communications systems in the government
and in the private sector are secured and protected. The enactment of this law hopes to maintain the
competitiveness of our country and boost investments in the information technology-business
processing outsourcing (IT-BPO) sectors and support a healthy information and communications
technology (ICT) industry.

This law may be summarized as follows:

Principally deals with the processing of Personal Information (Sec. 3g) and Sensitive Personal
Information (Section 3l);

The Processing of Personal Information is lawful under the following circumstances:

 a. There is consent of the data subject;

b. Necessary to the fulfillment of a contract or of a legal obligation;

c. In response to national emergency, public order and safety;

d. When the life and health, or other vital interests of the data subject are involved;

e. In pursuit of legitimate interests by the personal information controller or by a third

party to whom the data is disclosed provided that the fundamental rights and
freedoms of the data are not violated.

On the other hand, processing of Companies who subcontract processing of personal

information to 3rd party shall have full liability and cant pass the accountability of such
responsibility (Sec. 14).

Data subject has the right to know if their personal information is being processed. The person
can demand information such as the source of info, how their personal information is being
used, and copy of their information. One has the right to request removal and destruction of
ones personal data unless there is a legal obligation that required for it to be kept or
processed. (Secs. 16 and 18)

If the data subject has already passed away or became incapacitated (for one reason or
another), their legal assignee or lawful heirs may invoke their data privacy rights. (Sec. 17)

Personal information controllers must ensure security measures are in place to protect the
personal information they process and be compliant with the requirements of this law. (Secs.
20 and 21)

In case a personal information controller systems or data got compromised, they must notify
the affected data subjects and the National Privacy Commission. (Sec. 20)

Contracts, which involve the access of sensitive personal information from one thousand
(1,000) or more individuals, shall register their Personal Information Processing System with
the Commission (Sec. 24).