How to File a Case for Identity Theft and Data Privacy Violations

In an increasingly digitized Philippine economy, the risks of Identity Theft and Data Privacy Violations have escalated from mere nuisances to significant legal threats. Victims often find themselves overwhelmed, not knowing whether to turn to the police, the National Privacy Commission, or the courts.

This article outlines the legal framework, the procedural steps, and the evidentiary requirements for seeking redress under Philippine law.

1. The Legal Framework

Two primary statutes govern these offenses in the Philippines. While they often overlap, they target different aspects of digital wrongdoing.

Republic Act No. 10173: The Data Privacy Act of 2012 (DPA)

The DPA focuses on the unauthorized processing of personal information. It holds "Personal Information Controllers" (entities that decide what happens to your data, like banks or social media sites) and "Personal Information Processors" accountable.

Republic Act No. 10175: The Cybercrime Prevention Act of 2012

This law criminalizes Computer-related Identity Theft (Section 4(b)(3)). It penalizes the intentional acquisition, use, or misuse of identifying information belonging to another, whether natural or juridical, without right.

Feature Data Privacy Act (RA 10173) Cybercrime Law (RA 10175)
Primary Focus Mishandling/Unauthorized use of data by entities. The act of stealing identity for fraudulent purposes.
Primary Agency National Privacy Commission (NPC). PNP-ACG or NBI-Cybercrime Division.
Nature of Case Administrative, Civil, and Criminal. Primarily Criminal.

2. Step-by-Step Procedure for Filing a Complaint

Step A: Immediate Mitigation and Evidence Gathering

Before filing a formal case, a victim must secure "digital footprints."

  1. Screenshots: Capture all fraudulent transactions, messages, or profiles. Ensure the URL and timestamps are visible.
  2. Preservation: Do not delete the messages or emails. If the data is on a website, use web archiving tools.
  3. Affidavits: Draft a "Sworn Statement" detailing when you discovered the theft and the specific damages incurred.

Step B: Exhausting Remedies (For Data Privacy Only)

Under NPC rules, you generally cannot file a formal complaint against a company (e.g., a bank or an app) unless you have first sent a Letter of Concern to their Data Protection Officer (DPO). If they fail to resolve your issue within 15 days, you may then proceed to the NPC.

Step C: Filing with the Appropriate Agency

Depending on the nature of the crime, you will approach one of the following:

1. National Privacy Commission (NPC)

For violations involving how your data was handled or leaked.

  • Action: File a formal "Complaint Affidavit."
  • Process: The NPC will conduct a summary proceeding or mediation. If a violation is found, they can recommend prosecution to the Department of Justice (DOJ).

2. PNP Anti-Cybercrime Group (PNP-ACG) or NBI-Cybercrime Division

For "Computer-related Identity Theft" where an individual is using your name to defraud others or ruin your reputation.

  • Action: Go to the "Cyber-Lab" for a forensic examination of your devices if necessary.
  • Process: The agency will conduct a "Fact-Finding Investigation." If there is sufficient evidence, they will file a complaint for Preliminary Investigation with the Prosecutor's Office.

3. The Preliminary Investigation

Once a complaint is filed with the Office of the City Prosecutor or the DOJ:

  1. Subpoena: The respondent (the accused) is issued a subpoena to submit a Counter-Affidavit.
  2. Resolution: The Prosecutor determines if Probable Cause exists.
  3. Information: If probable cause is found, a formal "Information" (criminal charge) is filed in the Regional Trial Court (RTC) designated as a Cybercrime Court.

4. Key Offenses and Penalties

Under Philippine law, the penalties for these crimes are severe to act as a deterrent.

  • Identity Theft (RA 10175): Punishable by Prision Mayor (6 years and 1 day to 12 years) or a fine of at least ₱200,000, or both.
  • Unauthorized Processing (RA 10173): Imprisonment ranging from 1 to 3 years and a fine of ₱500,000 to ₱2,000,000.
  • Malicious Disclosure: If someone with access to your data reveals it with malice, they face up to 5 years of imprisonment.

5. Important Evidentiary Rules

In these cases, the Rules on Electronic Evidence (REE) apply.

  • Functional Equivalence: An electronic document is the legal equivalent of a paper document.
  • Authentication: You must prove that the screenshot or email is what it purports to be. This is usually done through the testimony of the person who took the screenshot or through digital signatures.

6. Directory of Offices for Filing

  • National Privacy Commission: 5th Floor, Philippine International Convention Center (PICC), Pasay City.
  • PNP Anti-Cybercrime Group: Camp Crame, Quezon City (or regional satellite offices).
  • NBI Cybercrime Division: NBI Building, Taft Avenue, Manila.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login