When an employee copies pricing files in the Philippines, the first question is not simply “Can we sue?” or “Can we fire the employee?” The better question is: what exactly was copied, how was it accessed, where did it go, and what proof can still be preserved? Pricing sheets may contain trade secrets, confidential commercial information, customer data, discount structures, bid strategy, or personal information. Each category can trigger different Philippine remedies: internal discipline under the Labor Code, civil action for damages or injunction, criminal complaints under the Revised Penal Code or Cybercrime Prevention Act, and possible reporting duties under the Data Privacy Act.
Why copied pricing files can be legally serious
A pricing file is not just a spreadsheet. In many businesses, it may show:
- cost margins;
- supplier rates;
- customer-specific discounts;
- upcoming bid prices;
- negotiated terms;
- sales forecasts;
- client names and contact details;
- credit terms or payment history;
- strategy for competing in tenders.
If these details are not publicly known and the company took reasonable steps to keep them confidential, they may be treated as confidential business information or trade secrets. The Supreme Court has recognized that trade secrets and confidential commercial and financial information may be protected from compulsory disclosure, especially where disclosure would expose information that has competitive value. (Supreme Court E-Library)
The practical problem is that “employee data theft” is often messy. The employee may say:
- “I only emailed it to myself so I could work from home.”
- “I had access anyway.”
- “The file was not marked confidential.”
- “Everyone in sales had a copy.”
- “I did not send it to a competitor.”
- “The company is just using this to force me out.”
Those explanations may or may not be true. What matters is whether the employer can prove unauthorized copying, misuse, disclosure, deletion, concealment, or competitive harm through reliable evidence.
Is copying pricing files a Data Privacy Act issue?
Sometimes yes, sometimes no.
The Data Privacy Act of 2012, or Republic Act No. 10173, protects personal information and sensitive personal information relating to identifiable individuals. A pricing file that only contains product codes, wholesale rates, and margins may be confidential business information, but it may not be “personal data.” If the same file includes customer names, contact persons, phone numbers, emails, IDs, credit information, purchase history, or employee details, the Data Privacy Act may apply.
The Data Privacy Act requires personal information controllers to adopt reasonable organizational, physical, and technical security measures, including safeguards against unauthorized use of computer networks, a security policy, and monitoring and response processes for security incidents. Employees, agents, and representatives who process personal information must also keep personal information confidential, and that obligation continues even after termination of employment or contractual relations. (National Privacy Commission)
When must the National Privacy Commission be notified?
Not every internal data incident must be reported to the National Privacy Commission (NPC). Notification is generally mandatory when all these elements are present:
| Requirement | What it means in a pricing-file incident |
|---|---|
| The data involves sensitive personal information or information that may enable identity fraud | Examples include IDs, financial/economic data, usernames, passwords, biometric data, SSS/GSIS/PhilHealth/TIN, or copies of identification documents |
| There is reason to believe an unauthorized person acquired the data | For example, the employee emailed files to a personal account, uploaded them to cloud storage, or sent them to a competitor |
| The breach is likely to create a real risk of serious harm to affected individuals | For example, customers may suffer fraud, identity misuse, financial exposure, or targeted scams |
The NPC states that reportable personal data breaches should be submitted through its Data Breach Notification Management System within 72 hours from knowledge or reasonable belief that a breach occurred, and a full report may be required within five days, unless additional time is granted. (National Privacy Commission)
This is why the first 72 hours matter. A company should not wait for a full forensic report before deciding whether the incident may be reportable. It can file based on available information, then update as the investigation develops.
Possible legal bases in the Philippines
Labor Code: discipline or termination for just cause
Under Article 297 of the Labor Code, an employer may terminate employment for just causes such as serious misconduct, willful disobedience of lawful work-related orders, fraud or willful breach of trust, commission of a crime or offense against the employer or its representatives, and analogous causes. (Labor Law PH Library)
For pricing-file cases, the usual grounds are:
- serious misconduct, if the act is grave, work-related, and intentional;
- willful disobedience, if the employee knowingly violated a lawful and reasonable confidentiality, IT, data handling, or return-of-property policy;
- fraud or willful breach of trust, especially for managers, finance staff, sales leaders, procurement personnel, IT personnel, or employees entrusted with confidential data;
- analogous causes, if the company code of conduct clearly treats unauthorized copying, disclosure, or use of confidential business information as a serious offense.
But termination is not automatic. In Vallota v. NLRC, the Supreme Court stressed that loss of trust and confidence must be based on a willful breach and clearly established facts, not suspicion. The Court also recognized that employees with access to electronic data may become privy to confidential information, but mere possession of files without proof of fraud, misuse, or clearly wrongful intent may be insufficient for dismissal. (Supreme Court E-Library)
In Yonzon v. Coca-Cola Bottlers Philippines, Inc., the Supreme Court warned against vague confidentiality rules that allow a company to label almost anything as confidential after the fact. The Court examined whether the employee actually held a position of trust, whether the rule was clear, and whether the alleged disclosure truly justified dismissal. (Supreme Court E-Library)
The lesson is practical: a strong data-theft case needs clear policies, proof of access and copying, evidence of intent or misuse, and proper disciplinary procedure.
Cybercrime Prevention Act: unauthorized access and computer-related offenses
The Cybercrime Prevention Act of 2012, or Republic Act No. 10175, may apply when the employee accessed, copied, altered, deleted, transmitted, or used computer data without right or beyond authority. The law defines access broadly, including retrieving data from or otherwise making use of computer-system resources. It also covers computer data, electronic documents, databases, and storage media. (Supreme Court E-Library)
Possible cybercrime issues include:
- illegal access, if the employee entered a system or folder without authority;
- data interference, if the employee intentionally or recklessly altered, damaged, deleted, or deteriorated files;
- system interference, if the act hindered or interfered with systems or networks;
- misuse of devices, if passwords, access codes, or tools were used to commit cybercrime;
- computer-related fraud, if data or systems were manipulated with fraudulent intent;
- computer-related identity theft, if identifying information was acquired or used without right.
RA 10175 also states that the NBI and PNP are responsible for law enforcement of cybercrime cases and must organize cybercrime units. It further provides that cybercrime cases fall under the jurisdiction of the Regional Trial Court, including designated cybercrime courts. (Supreme Court E-Library)
Revised Penal Code: revealing secrets and industrial secrets
The Revised Penal Code may apply if the employee revealed secrets learned by reason of employment.
After amendment by Republic Act No. 10951, Article 291 penalizes a manager, employee, or servant who learns the secrets of the principal or master in that capacity and reveals them, with arresto mayor and a fine not exceeding ₱100,000. Article 292 penalizes revelation of industrial secrets by a person in charge, employee, or workman of a manufacturing or industrial establishment, to the prejudice of the owner, with prision correccional in its minimum and medium periods and a fine not exceeding ₱100,000. (Supreme Court E-Library)
These provisions are most relevant when the pricing files were actually disclosed to another person, competitor, customer, bidder, supplier, or new employer. If the employee only copied the file but there is no proof of disclosure, other legal theories may be stronger.
Intellectual Property Code and unfair competition
The Intellectual Property Code of the Philippines, or Republic Act No. 8293, recognizes “protection of undisclosed information” as part of intellectual property rights. (Lawphil)
If a competitor uses copied pricing files to mislead customers, pass off services, make false statements, or act contrary to good faith in a way that damages the original business, unfair competition under Section 168 may become relevant. The law protects goodwill and penalizes acts contrary to good faith that deceive the public or discredit another business. (Lawphil)
Civil Code: damages, injunction, and breach of obligations
Civil remedies may be available even when criminal prosecution is uncertain.
Under Articles 19, 20, and 21 of the Civil Code, persons must act with justice, honesty, and good faith; a person who willfully or negligently causes damage contrary to law must indemnify the injured party; and a person who willfully causes loss in a manner contrary to morals, good customs, or public policy may be liable for damages. (Supreme Court E-Library)
If the employee signed a confidentiality agreement, employment contract, non-disclosure agreement, acceptable-use policy, or return-of-property undertaking, Article 1170 of the Civil Code may also support a claim for damages where a person violates contractual obligations through fraud, negligence, delay, or contravention of the obligation’s terms. (Supreme Court E-Library)
Civil action is often used to seek:
- damages for lost contracts or price undercutting;
- return or deletion of copied files;
- injunction against use or disclosure;
- inspection or surrender of company devices;
- enforcement of confidentiality agreements.
What to do immediately if pricing files were copied
1. Preserve evidence before confronting the employee
Do not start by angrily confronting the employee, deleting accounts, wiping devices, or announcing accusations in group chats. Digital evidence is fragile. The goal is to preserve proof in a way that can later be explained to HR, the prosecutor, the NPC, or a court.
Secure:
- file access logs;
- email logs;
- cloud download history;
- USB connection logs;
- VPN and remote-login records;
- screenshots of file paths and timestamps;
- copies of the exact files involved;
- device inventory;
- CCTV, if relevant;
- chat or email instructions showing confidentiality;
- signed employment contract, NDA, handbook acknowledgment, and IT policy.
Keep a simple evidence log showing who collected the evidence, when it was collected, where it came from, and where it is stored. Avoid editing original files. If a forensic image is needed, use an IT professional who can document the process.
2. Contain access without destroying proof
Containment should be targeted and documented. Depending on the situation, the company may:
- disable or limit the employee’s system access;
- rotate passwords and revoke tokens;
- suspend access to shared drives and CRM tools;
- preserve the employee’s mailbox and account logs;
- collect company laptops, phones, IDs, USB devices, and access cards;
- notify IT not to auto-delete logs;
- place relevant custodians under a legal hold.
Avoid secretly accessing an employee’s personal email, personal cloud account, or personal device unless there is a clear legal basis and proper authority. Evidence gathered unlawfully may create privacy, labor, or criminal-law problems for the employer.
3. Identify what was actually copied
Create a file-by-file inventory:
| Question | Why it matters |
|---|---|
| Was it a general price list or customer-specific pricing? | Customer-specific pricing is more likely to be commercially sensitive |
| Was it publicly available? | Public data is harder to treat as a trade secret |
| Was it marked confidential? | Labels help but are not conclusive |
| Who normally had access? | Overbroad access weakens confidentiality arguments |
| Was it sent outside company systems? | External transfer supports unauthorized acquisition |
| Was personal data included? | This may trigger Data Privacy Act duties |
| Was anything deleted or altered? | This may support cybercrime or misconduct allegations |
| Was a competitor involved? | This affects civil, criminal, and business-containment strategy |
4. Check if there is a reportable personal data breach
If the pricing files include personal data, the company’s Data Protection Officer or responsible officer should assess whether NPC and data-subject notification is required.
Prepare:
- date and time of discovery;
- date and time of suspected copying;
- systems affected;
- categories of personal data involved;
- number of affected data subjects;
- likely harm;
- containment steps;
- whether law enforcement is involved;
- recommendations to affected individuals, if notice is required.
If the incident meets mandatory breach-notification criteria, report through the NPC’s required system within the 72-hour period. If the incident does not meet mandatory reporting requirements, document it internally and include it in the required annual security incident reporting process where applicable. (National Privacy Commission)
5. Start the employee disciplinary process properly
If the employee is still employed, follow due process. A rushed termination can turn a strong data case into an illegal dismissal case.
A proper just-cause process usually includes:
- First written notice or Notice to Explain (NTE). State the specific acts, dates, files, systems, policies violated, and possible penalty. Avoid vague statements like “data theft” without facts.
- Reasonable opportunity to explain. The employee should be given a meaningful chance to respond, examine the accusation, gather evidence, and ask for assistance.
- Administrative conference or hearing when appropriate. This is especially important if facts are disputed, the employee requests it, company policy requires it, or termination is being considered.
- Evaluation of evidence. Consider the employee’s explanation, IT findings, witness statements, and proportionality of penalty.
- Second written notice or Notice of Decision. State the findings, basis, rule violated, penalty, and effective date.
Philippine jurisprudence under King of Kings Transport v. Mamac requires the first notice to specify the grounds and give the employee a reasonable opportunity to submit an explanation. (Supreme Court E-Library)
6. Use preventive suspension only when justified
Preventive suspension is not a punishment. It is a temporary measure when the employee’s continued presence poses a serious and imminent threat to the life or property of the employer or co-workers. The Omnibus Rules provide that preventive suspension should not last longer than 30 days; after that, the employer must reinstate the worker or extend the suspension with pay and benefits. (Supreme Court E-Library)
For copied pricing files, preventive suspension may be justified if the employee still has access to sensitive systems, can delete logs, can contact customers using copied data, or can influence witnesses. It should not be used automatically in every investigation.
When to involve the NBI, PNP, prosecutor, or court
| Route | Best used when | Practical notes |
|---|---|---|
| Internal HR investigation | Employee is still employed and facts need to be established | Required before discipline or dismissal |
| NPC breach reporting | Personal data was involved and mandatory breach criteria are present | 72-hour reporting period may apply |
| NBI Cybercrime Division or PNP Anti-Cybercrime Group | Unauthorized system access, external transfer, deletion, credential misuse, or cybercrime evidence exists | Bring IDs, corporate authority, affidavits, logs, screenshots, device details, and file inventory |
| Office of the City or Provincial Prosecutor | Criminal complaint for cybercrime, revelation of secrets, or related offenses | Usually requires complaint-affidavit, witness affidavits, documentary evidence, and proof of authority to represent the company |
| Regional Trial Court | Injunction, damages, trade secret protection, cybercrime trial | Civil filing fees depend on the relief and amount claimed |
| NLRC/Labor Arbiter | Employee contests dismissal, suspension, final pay, or disciplinary action | Employer must prove just cause and due process by substantial evidence |
For foreign companies or foreign officers, board resolutions, secretary’s certificates, powers of attorney, affidavits, and foreign notarized documents may need proper authentication. Documents executed abroad are commonly notarized in the country of signing and apostilled where the Apostille Convention applies; Philippine embassies also explain that apostilled documents from member countries may be recognized for use in the Philippines, subject to the usual requirements of the receiving office. (Philippine Embassy)
Common mistakes that weaken pricing-file cases
Calling it “theft” before proving the legal elements
In everyday language, people call copied files “stolen.” In legal practice, the better approach is to describe the facts: unauthorized copying, downloading, emailing, cloud upload, disclosure, deletion, misuse, or breach of confidentiality. The exact legal label can then be matched to the evidence.
Relying only on suspicion
A suspicious download before resignation is not always enough. In Vallota, the Supreme Court found that the presence of files on a computer may create suspicion but may still fall short of the standard needed for termination if there is no proof of fraud, misuse, or clearly wrongful intent. (Supreme Court E-Library)
Having vague confidentiality policies
A policy saying “all company information is confidential” is weaker than a policy that clearly identifies restricted categories: pricing, margins, customer lists, bid documents, supplier rates, source files, credentials, non-public financials, and personal data. The Yonzon case shows the danger of rules that are too generic or vague. (Supreme Court E-Library)
Skipping labor due process
Even if the employee did something wrong, dismissal can still create liability if the employer fails to issue proper notices and give the employee a meaningful chance to be heard.
Over-collecting personal data during investigation
Employers investigating employee misconduct should still respect privacy. Collect what is relevant. Limit access to the investigation team. Avoid broadcasting accusations. Preserve evidence, but do not unnecessarily expose personal emails, private photos, unrelated chats, or medical and family information.
Forgetting business containment
Legal action may take months or years. Immediate commercial steps may matter more:
- review pending bids where pricing was exposed;
- check if customers received suspicious offers;
- adjust passwords and CRM permissions;
- monitor competitor behavior;
- secure supplier and customer communications;
- document lost opportunities linked to the copied files.
Documents to prepare
| Document | Purpose |
|---|---|
| Employment contract, NDA, handbook acknowledgment | Shows confidentiality duties and company rules |
| IT acceptable-use policy and access-control policy | Shows what access was authorized or prohibited |
| File inventory | Identifies what was copied and why it matters |
| Access logs, email logs, download logs | Shows access, copying, transfer, or deletion |
| Screenshots with timestamps | Helps explain technical evidence in simple terms |
| Affidavits of IT, HR, manager, and witnesses | Required for complaints and useful in labor proceedings |
| Board resolution or secretary’s certificate | Shows authority to file complaints for the company |
| Data breach assessment | Shows whether NPC reporting is required |
| Notice to Explain, employee reply, hearing minutes, Notice of Decision | Shows labor due process |
| Proof of damage | Supports civil damages, restitution, or settlement |
Frequently Asked Questions
Can an employer immediately terminate an employee for copying pricing files?
Not safely. The employer must first establish a just cause and follow procedural due process. If the evidence shows intentional unauthorized copying or disclosure of confidential pricing data, termination may be justified. But if the employer relies only on suspicion, vague rules, or unclear access restrictions, the dismissal may be vulnerable.
Is copying pricing files automatically a crime in the Philippines?
No. It depends on the facts. If there was unauthorized system access, deletion, alteration, fraudulent use, or credential misuse, the Cybercrime Prevention Act may apply. If the employee revealed employer secrets learned through the job, the Revised Penal Code may apply. If personal data was involved, the Data Privacy Act may apply. If the act is only an internal policy violation with no disclosure or misuse, the stronger route may be labor discipline or civil action.
Does the Data Privacy Act apply to business pricing information?
Only if personal data is involved. Pure product pricing, margins, formulas, and supplier rates are usually business confidential information, not personal data. But customer-specific pricing files often include names, emails, purchase history, credit terms, or other data about identifiable individuals. In that case, Data Privacy Act duties may arise.
What if the employee emailed the pricing file to a personal Gmail account?
That is a serious fact, but it still needs context. The company should preserve email logs, identify attachments, check policy rules, ask for an explanation through an NTE, and assess whether the file included personal data or trade secrets. If the employee had no authority to send the file outside company systems, this may support discipline, civil claims, or a cybercrime complaint.
What if the employee copied files before resigning and joined a competitor?
That fact pattern is high-risk. The company should preserve logs, check whether the competitor contacted customers using exposed prices, review non-disclosure and non-solicitation clauses, and consider civil action for injunction or damages. If there is proof that secrets were disclosed or used, criminal and civil remedies may also be considered.
Can the company search the employee’s personal phone or laptop?
Not automatically. The company has stronger authority over company-issued devices, company accounts, and company systems, especially if policies clearly allow monitoring and inspection. Personal devices are more sensitive. Any request to inspect them should be handled carefully, documented, and limited to relevant business data. Forced or unauthorized access may create privacy and evidentiary problems.
Should the company report the employee to the barangay?
Usually not as the main route. Employee data theft involving company systems, trade secrets, cybercrime, or corporate complainants is normally handled through internal HR processes, the NBI or PNP cybercrime units, the prosecutor’s office, the NPC if personal data is involved, or the courts. Barangay conciliation is often not the practical forum for corporate cyber or labor-related data incidents.
What if the copied file was not marked “confidential”?
Lack of a label weakens the company’s case, but it is not always fatal. The company can still show confidentiality through restricted access, password protection, role-based permissions, NDAs, training, business sensitivity, and the nature of the information. However, clear labeling and specific policies make enforcement much easier.
Can a foreign-owned Philippine company file a complaint?
Yes, a Philippine corporation, including one with foreign shareholders, may act through authorized officers or representatives. Foreign parent companies or foreign officers should prepare proper authority documents, and documents signed abroad may need notarization and apostille or consular acknowledgment depending on where they are executed and where they will be used.
How long do these cases take?
Internal investigations may take days to weeks, depending on the evidence and due process schedule. NPC breach assessment is urgent because the 72-hour reporting window may apply. Criminal complaints at the prosecutor level can take months, and court cases can take much longer. Labor cases before the Labor Arbiter and appeals to the NLRC also commonly take months or more. The timeline depends heavily on evidence quality, location, agency workload, and whether the employee or competitor contests the facts.
Key Takeaways
- Copied pricing files may involve labor law, cybercrime, trade secrets, civil damages, and data privacy depending on what was copied and how it was used.
- The first priority is to preserve evidence, not to confront, shame, or immediately terminate the employee.
- The Data Privacy Act applies only if personal data is involved, and mandatory NPC notification may be required within 72 hours in serious reportable breaches.
- Under the Labor Code, dismissal may be possible for serious misconduct, willful disobedience, fraud, or breach of trust, but the employer must prove just cause and follow due process.
- Philippine courts require more than suspicion. The strongest cases have clear policies, access logs, file inventories, witness statements, and proof of unauthorized transfer or misuse.
- Preventive suspension should be used only when the employee’s continued presence poses a serious and imminent threat, and it generally should not exceed 30 days unless extended with pay.
- If a competitor or former employee is using copied pricing files, civil remedies such as injunction, damages, and enforcement of confidentiality obligations may be as important as criminal complaints.