Legal Inquiry: Data Breach Concerns with Mobile Application

Dear Attorney,

I am reaching out to seek legal advice regarding a concerning incident involving a mobile application. Recently, I discovered that the Lazada app on my cellphone had accessed information it should not have, specifically my company’s email address that was logged into my Gmail app. The app then used this information to send emails exposing my sensitive personal data to others who have access to that company email account. As a result, I faced reprimands at work for this unauthorized disclosure.

I am deeply concerned about the legality of the app's actions and the potential violation of data privacy laws. Could you please provide guidance on the legal steps I can take to address this issue?

Sincerely,
Concerned Employee

Insights

This situation involves potential violations of data privacy and security laws in the Philippines, particularly under the Data Privacy Act of 2012 (Republic Act No. 10173). The Data Privacy Act mandates that personal information controllers (such as companies managing apps) must protect personal data from unauthorized access, processing, or disclosure.

Key Points:

  1. Unauthorized Access and Data Processing: The incident described suggests that the Lazada app accessed and processed your personal data without your explicit consent. Under the Data Privacy Act, personal data must be collected and processed fairly, lawfully, and with the consent of the individual. If Lazada accessed your company's email address and utilized it without your consent, they may have violated this law.

  2. Data Breach: The unauthorized sending of emails containing your sensitive information to others could be classified as a data breach. According to the law, the National Privacy Commission (NPC) should be notified of data breaches involving sensitive personal information. You, as the data subject, also have the right to be informed of any breach that compromises your personal data.

  3. Liability and Remedies: If the Lazada app is found to have breached data privacy laws, they could be held liable for damages. You may file a complaint with the NPC, which has the authority to investigate and impose sanctions on entities violating the Data Privacy Act. Additionally, you may pursue civil action for damages caused by the unauthorized disclosure of your personal information.

  4. Employer Concerns: Given that your employer reprimanded you due to this data breach, there may be grounds to discuss the situation with your company's legal or HR department. If the reprimand was based on an incident caused by unauthorized data processing by a third-party app, it may be prudent to clarify this with your employer to mitigate any negative consequences on your employment.

Next Steps:

  • File a Complaint: You may file a complaint with the NPC to initiate an investigation into the data breach. This can be done online through the NPC's official website or by visiting their office.

  • Document Everything: Keep a detailed record of the incident, including any communications from Lazada, your employer, and any actions you have taken to address the breach.

  • Consult a Lawyer: Given the complexity of data privacy laws, it is advisable to seek further legal advice to explore your options for legal recourse and to ensure that your rights are protected throughout the process.

By addressing the situation promptly and seeking the necessary legal assistance, you can take steps to rectify the breach and protect your personal and professional interests.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login