Can a Former Employer Contact Your New Company? Data Privacy and Blacklisting Rules (Philippines)

Can a Former Employer Contact Your New Company?

Data Privacy and Blacklisting Rules in the Philippines

Last updated: Philippine context. General information only—not legal advice.

TL;DR (the short answer)

  • Yes, but only in narrow, lawful ways. A former employer may contact your new company if there is a clear and lawful purpose (e.g., responding to a consented reference check, retrieving company property, or enforcing a valid non-compete), and they must follow the Data Privacy Act of 2012 (DPA) principles: transparency, legitimate purpose, and proportionality.
  • “Blacklisting” across companies is generally unlawful. Sharing a “do-not-hire” list or negative profiles with other employers without a lawful basis can violate the DPA, may amount to unfair labor practice if tied to union activity, and can trigger civil/criminal liability (e.g., defamation, tortious interference).
  • Your rights matter. You have the right to be informed, to object, to access, and to seek damages for unlawful disclosures. Remedies run through the National Privacy Commission (NPC), the NLRC/DOLE (labor), and the courts (civil/criminal).

1) The Legal Foundations You Need to Know

A. Data Privacy Act of 2012 (Republic Act No. 10173)

  • Who’s who: Your ex-employer is typically a Personal Information Controller (PIC); vendors they use (e.g., background screeners) are Personal Information Processors (PIPs).

  • Personal data: Any data that identifies you (name, employee ID, email, mobile no., job history); sensitive personal information includes health data, union membership, disciplinary proceedings for an offense, etc.

  • Core principles:

    • Transparency – You must be told what is being processed, why, and with whom it’s shared.
    • Legitimate Purpose – Processing must be tied to a lawful, specific purpose.
    • Proportionality – Share the minimum data necessary.

  • Lawful bases (no, consent isn’t the only basis):

    • Consent (freely given, specific, informed, time-bound).
    • Contract necessity (e.g., finishing clearance, returning assets).
    • Legal obligation (e.g., lawful requests by regulators/law enforcement).
    • Protection of vitally important interests (rare in employment transitions).
    • Public authority tasks (for government bodies).
    • Legitimate interests of the PIC, balanced against your rights—requires necessity, minimality, and safeguards.

  • Your rights: to be informed, to object, to access/correct, to erasure/blocking (in proper cases), to damages, and to lodge a complaint with the NPC.

  • Data sharing vs. outsourcing:

    • Outsourcing to a processor = still your ex-employer’s responsibility; needs a data processing agreement.
    • Sharing with an independent organization (like your new employer) generally requires a lawful basis, proper notice, and—if regular or large-scale—an appropriate data sharing agreement (DSA) and safeguards (especially for cross-border transfers).

B. Labor & Civil Law Guardrails

  • Unfair Labor Practice (ULP): Acts that interfere with the right to organize (e.g., blacklisting unionists) can be ULP—actionable before the NLRC/DOLE.

  • Certificate of Employment (COE): Employees are entitled to a COE upon request; it states dates of employment and position (not a platform for negative commentary).

  • Civil Code remedies:

    • Article 19–21 (“abuse of rights”) – liable for willful or negligent acts contrary to law/morals that cause damage.
    • Article 1314 (“tortious interference”) – a third party who induces breach of contract (e.g., goading your new employer to fire you) may be liable.

  • Defamation (libel/slander): False, malicious statements to your new employer can trigger criminal and civil liability. There is qualified privilege for fair, good-faith references on matters of common interest—but malice defeats privilege.

2) So… Can They Contact Your New Employer? It Depends on the Scenario.

Below are common scenarios, with the likely legal posture under the DPA and labor/civil rules:

Scenario Likely Allowed? Why / Conditions
Your new employer asks your ex-employer for a reference AND you gave written consent. Yes Lawful basis = consent (or legitimate interest if proportionate). Must be limited to dates, role, objective facts; avoid unnecessary sensitive data.
Your ex-employer proactively contacts your new employer to say you were “problematic.” Usually No High risk of unlawful processing, defamation, tortious interference. No clear lawful basis; fails proportionality; likely no notice/consent.
Retrieving company property or settling accountabilities (e.g., laptop, unpaid corporate card). Possibly May rely on contract necessity/legitimate interest, but contact must be necessary, minimal, and respectful; try contacting you first; avoid disclosing sensitive data.
Enforcing a valid non-compete/confidentiality covenant. Possibly Ex-employer can notify the new employer about the covenant, if reasonable in scope/time/territory and limited to what’s needed to prevent misuse of trade secrets. Avoid gratuitous negative commentary.
Reporting crimes or regulatory breaches (e.g., fraud). Possibly Lawful basis may be legal obligation or legitimate interest to protect rights of the organization/public. Share only substantiated facts with appropriate authorities; direct sharing with a new employer should be necessary and proportionate.
Industry “blacklist” or “do-not-hire” circulated to other companies. Generally No Likely DPA violation (no lawful basis; no notice; excessive data). If union-related, may be ULP. Also civil/criminal exposure.
Internal “do-not-rehire” list (kept within the same company). Sometimes Internal use only; tie to a legitimate purpose (e.g., serious integrity breach), have retention limits, access controls, and due process documentation. Not for external sharing.
Sharing health, union, or case information. Rarely This is sensitive personal information; stricter rules apply. Generally don’t share with a new employer unless a clear legal basis and necessity exist (e.g., safety-critical, by law).
Verifying employment dates only (neutral verification). Usually Yes Minimal disclosure; fits proportionality. Ideally based on a reference request with the applicant’s consent.

3) What Counts as “Blacklisting” (and Why It’s a Problem)

Blacklisting generally means creating or sharing lists (formal or informal) intended to restrict a worker’s future employment across employers—often without the worker’s knowledge or due process. In the Philippines:

  • It typically fails DPA tests (no lawful basis; no proper notice; excessive and stigmatizing data; no retention limits).
  • If motivated by union activity or used to coerce/penalize self-organization, it risks Unfair Labor Practice.
  • It can also amount to defamation and tortious interference if used to block specific opportunities.

Exception-type cases are narrow: e.g., court-ordered restrictions, regulator-maintained registers for specific industries, or well-defined statutory databases (like credit reporting under a special law). Ordinary employers do not get to create shadow registers of “undesirables.”

4) What Former Employers Should and Should Not Share

Safer “Neutral” Disclosures

  • Employment dates, last position/title, COE upon request.
  • Whether the employee is eligible for rehire (if asked)—ideally binary, no narrative.
  • Factual, documented items that are necessary for a lawful purpose (e.g., asset recovery), shared minimally.

High-Risk Disclosures (Usually Avoid)

  • Subjective performance opinions, disciplinary histories, or allegations not proven, not necessary, or not consented to.
  • Sensitive personal information (health data, union membership, cases/offenses).
  • Any industry-wide “alerts” or “blacklists” without a statutory basis and robust privacy governance.

5) If You’re the Employee: Practical Playbook

  1. Control the reference path. Give your new employer explicit referees and written consent for a targeted reference.

  2. If your ex contacts your new employer improperly:

    • Document everything (screenshots, emails, call logs).
    • Send a “Right to Object / Cease & Desist” letter invoking the DPA (sample below).
    • Ask your new employer to channel any queries through you or HR with your consent.
    • Consider NPC complaint (privacy), NLRC/DOLE action (if ULP or labor rights are involved), and/or civil/criminal remedies (defamation, tortious interference).

  3. Mind your own obligations. If you signed non-compete, non-solicit, or confidentiality clauses, get counsel to evaluate reasonableness and enforceability.

  4. Don’t overshare on social media. Public posts are fair game for background checks.

Mini-Template: DPA “Right to Object / Cease & Desist”

Subject: Exercise of Rights under the Data Privacy Act – Cease Unlawful Disclosures

Dear [Former Employer / Data Protection Officer], I am invoking my rights under the Data Privacy Act of 2012. Please cease and desist from contacting or disclosing my personal data to third parties, including my current employer, without a lawful basis and beyond what is necessary and proportionate. Kindly confirm in writing the purposes, legal basis, and recipients of any disclosures already made, and provide me access to the data you hold about me.

Sincerely, [Name], [Former Employee No.], [Contact Details]

6) If You’re the New Employer: How to Handle Inbound Calls from an Ex-Employer

  • Pause and funnel. Route the caller to HR/DPO; ask for the purpose and lawful basis.
  • Check consent. Do you have the applicant’s written consent for references? If not, get it before accepting any information.
  • Take only what’s necessary. Dates and position are usually enough. Decline sensitive or narrative disclosures unless clearly necessary and lawful.
  • Recordkeeping. Note who called, what was shared, and on what basis; keep retention short.
  • Be alert to blacklisting. Refuse broad “warnings” or lists about unrelated candidates.

7) If You’re the Former Employer (HR/Legal): Compliance Checklist

  • Policy: Adopt a neutral reference policy (dates/title only) unless written consent authorizes more, or another lawful basis truly applies.
  • Gatekeeping: Require all third-party contacts to go through HR/DPO; no ad-hoc calls by line managers.
  • Lawful basis log: For each disclosure, record purpose, basis, data items, and recipient.
  • Proportionality: Limit to minimum data. Never send sensitive data unless the law clearly allows and necessity is proven.
  • No blacklists. Do not create or share cross-employer “do-not-hire” lists.
  • Contracts: Use DPAs (for processors) and DSAs (for inter-controller sharing) when appropriate.
  • Security & retention: Use secure channels; set short retention; enable audit trails.
  • Training: Teach managers what they may—and may not—say.

8) Edge Cases and Nuances

  • Non-compete notices: A narrow, factual notice that an ex-employee is bound by a reasonable non-compete/non-solicit may be permissible, especially to prevent misuse of trade secrets. Overbroad threats or smear emails are risky.
  • Debt/asset recovery: Try all direct channels with the ex-employee first. If contacting a new employer is truly necessary, keep it strictly factual (“Please ask [Name] to coordinate the return of Company Laptop S/N…”)—no value judgments.
  • Regulatory reporting: Where a law requires reporting (e.g., specific regulated sectors), follow the statute and disclose to the proper authority, not to unrelated employers, unless the law clearly authorizes it.
  • Qualified privilege vs. malice: Even if a communication could be privileged (e.g., reference given upon request), malicious or reckless statements (or excessive disclosure) can forfeit that privilege and create liability.

9) Quick Decision Tool (for Ex-Employers)

  1. Do we have a lawful basis? (Consent? Contract necessity? Legal obligation? Legitimate interest with balancing?)
  2. Is disclosure necessary, specific, and minimal? (If not, stop.)
  3. Is any data “sensitive”? (If yes, apply stricter rules—likely don’t disclose.)
  4. Are we sharing outside our organization? (Consider DSA; secure channel; retention.)
  5. Could this look like blacklisting, defamation, or interference? (If yes/unsure, don’t do it without legal review.)

If you can’t answer “yes” to #1–2 and “no” to #5, don’t contact the new employer.

10) Remedies & Where to Go

  • National Privacy Commission (NPC): File a complaint for unlawful processing or disclosure under the DPA. NPC can issue compliance orders and impose administrative consequences; DPA also carries criminal penalties for certain violations.
  • NLRC/DOLE: For ULP, labor rights violations (e.g., union-related retaliation, refusal to issue COE).
  • Courts: Civil damages under the Civil Code (abuse of rights; tortious interference) and defamation; criminal actions (libel) in proper cases.

11) Practical Takeaways

  • Employees: Give written consent for specific referees; push back on off-path contacts; keep records; know your remedies.
  • New employers: Accept only consented, minimal references; decline gossip and lists.
  • Former employers: Default to neutral references; avoid unsolicited contact; never share blacklists; document lawful bases.

If you want, I can tailor a one-page neutral reference policy for HR or a custom cease-and-desist letter based on your exact situation.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login