A Legal Article on Identity Misuse, Employment Fraud, Data Privacy, and Remedies

I. Introduction

An unauthorized job application using another person’s identity occurs when someone applies for work, submits a resume, attends an interview, signs employment documents, takes assessments, undergoes onboarding, or communicates with an employer while pretending to be another person or while using another person’s personal information without consent.

In the Philippines, this can happen in many ways. A person may use another individual’s name, photograph, resume, school records, certificates, government ID numbers, employment history, email address, phone number, online job profile, digital signature, professional license, or scanned documents to apply for a job. The impersonator may intend to get hired, pass background checks, obtain salary, steal benefits, hide a disqualification, avoid a blacklist, create a fake employment record, commit fraud, or use the victim’s identity for further scams.

The legal consequences can be serious. Depending on the facts, the conduct may involve identity theft, computer-related identity misuse, falsification, estafa, use of falsified documents, perjury, data privacy violations, unauthorized processing of personal information, employment fraud, professional regulation violations, and civil liability for damages. It may also expose the innocent identity owner to reputational harm, tax issues, benefit record problems, background-check complications, loan or payroll fraud, immigration issues, and criminal suspicion.

This article discusses the Philippine legal context, common forms of unauthorized job applications, possible liabilities, employer obligations, victim remedies, evidence gathering, complaint options, and prevention.

---

II. What Is an Unauthorized Job Application Using Another Person’s Identity?

It is any job application, employment process, or work-related representation made without authority using another person’s identity or personal data.

The act may include:

1. submitting a resume under another person’s name;
2. using another person’s photo in a job profile;
3. using another person’s government ID;
4. using another person’s school records;
5. using another person’s certificate of employment;
6. using another person’s training certificates;
7. using another person’s professional license;
8. using another person’s email address or phone number;
9. using another person’s LinkedIn, JobStreet, Indeed, Kalibrr, Facebook, or other job profile;
10. applying through a recruiter using another person’s details;
11. attending an interview while pretending to be another person;
12. taking an online examination for another person;
13. signing employment forms using another person’s name;
14. submitting pre-employment medical, NBI clearance, police clearance, or background-check documents in another person’s identity;
15. enrolling payroll, SSS, PhilHealth, Pag-IBIG, or tax records using another person’s information;
16. accepting a job offer under another person’s name;
17. working under another person’s identity; and
18. using another person’s identity to receive salary, commissions, incentives, or benefits.

The act may be done by a stranger, relative, friend, former employer, recruiter, co-worker, online scammer, human resources personnel, document fixer, or organized group.

---

III. Why This Issue Is Serious

Unauthorized identity use in job applications is not a harmless prank or simple misunderstanding. It can cause serious damage to the victim and to the employer.

For the victim, it may result in:

1. damaged professional reputation;
2. false record of application or employment;
3. failed background check;
4. tax records connected to income not actually received;
5. SSS, PhilHealth, or Pag-IBIG record confusion;
6. payroll or bank account misuse;
7. identity theft;
8. fake loan or salary advance applications;
9. fake employment certificates;
10. immigration or visa complications;
11. professional license misuse;
12. disciplinary complaints;
13. being linked to fraud or misconduct;
14. unwanted contact by recruiters or employers;
15. loss of job opportunity; and
16. emotional distress and inconvenience.

For the employer, it may result in:

1. hiring an unqualified person;
2. payroll fraud;
3. workplace security risk;
4. false compliance records;
5. exposure to data privacy complaints;
6. invalid employment documents;
7. tax and benefits reporting errors;
8. client or customer risk;
9. professional licensing violations;
10. reputational damage; and
11. possible liability if the employer ignored warning signs.

---

IV. Common Scenarios

A. Using Another Person’s Resume

The impersonator copies another person’s resume and submits it as their own, including the victim’s education, employment history, skills, certifications, and references.

This may be done to pass screening or to appear qualified for a job.

B. Using Another Person’s Name and Photo

The impersonator creates an online job profile using the victim’s name and photograph. This may be used for job applications, recruitment scams, or fake employment.

C. Using Another Person’s Government IDs

The impersonator submits copies of the victim’s passport, driver’s license, national ID, UMID, PRC ID, voter’s ID, postal ID, or other government-issued identification.

This is especially serious because these documents may be used for payroll, bank account opening, SIM registration, loans, travel, or identity verification.

D. Using Another Person’s Professional License

The impersonator uses another person’s PRC license or professional credentials to apply as an engineer, nurse, architect, teacher, accountant, physician, pharmacist, seafarer, real estate professional, or other regulated professional.

This may involve unauthorized practice of a profession and may endanger the public.

E. Applying Through a Recruiter Using Another Person’s Identity

A recruiter may submit an application using a person’s name without consent to meet quotas, create fake applicants, deceive employers, or collect recruitment fees.

This can occur in manpower agencies, overseas recruitment, BPO hiring, work-from-home jobs, or local employment placement.

F. Taking an Interview or Exam for Another Person

A person may attend an interview or take an online test using another applicant’s name. This can happen in remote hiring where identity verification is weak.

If hired, the employer may later discover that the person who works is not the person who applied.

G. Working Under Another Person’s Identity

This is a more advanced and dangerous form of identity misuse. The impersonator not only applies but actually works under the victim’s name.

This may affect tax, benefits, payroll, attendance, disciplinary records, and employment history.

H. Using a Relative’s Identity

Sometimes a person uses a sibling’s, cousin’s, spouse’s, parent’s, or friend’s identity because the relative has better qualifications, clean records, or required documents. Consent may be disputed.

Even family relationship does not automatically authorize use of another person’s identity.

I. Fake Job Application to Harass or Embarrass Someone

A malicious person may submit job applications in the victim’s name to embarrass them, make them appear desperate for employment, damage current employment, or cause recruiters to contact them.

J. Job Application Connected to Scams

A scammer may use the victim’s identity to apply for jobs that are actually fronts for money mule schemes, online fraud, illegal sales, or unauthorized platform accounts.

---

V. Personal Information Involved

Unauthorized job applications often involve personal information and sensitive personal information, such as:

1. full name;
2. date of birth;
3. address;
4. contact number;
5. email address;
6. photograph;
7. signature;
8. resume and employment history;
9. educational background;
10. school records;
11. government ID numbers;
12. tax identification number;
13. SSS number;
14. PhilHealth number;
15. Pag-IBIG number;
16. passport number;
17. PRC license number;
18. bank details;
19. emergency contact;
20. health information;
21. NBI or police clearance;
22. civil status;
23. family information;
24. biometric data;
25. video interview recordings;
26. test results;
27. psychological assessment results;
28. background check reports.

Some of these are sensitive or high-risk data. Unauthorized use can trigger data privacy obligations and liabilities.

---

VI. Possible Criminal Liability

Unauthorized job application using another person’s identity may involve several criminal offenses depending on the facts.

A. Computer-Related Identity Theft

If information and communications technology is used to acquire, use, misuse, transfer, possess, alter, or delete another person’s identifying information, computer-related identity theft may be relevant.

This is common when the impersonator uses online job platforms, email, social media accounts, digital copies of IDs, electronic signatures, fake online forms, or remote hiring systems.

Examples include:

1. creating an online job profile under another person’s identity;
2. submitting digital copies of another person’s IDs;
3. using another person’s email account;
4. using a stolen resume or profile;
5. uploading another person’s documents to an employer portal;
6. using another person’s digital signature;
7. accessing another person’s job portal account;
8. impersonating the victim through video or chat;
9. using another person’s data for remote work onboarding.

The use of technology may aggravate or change the legal analysis.

B. Falsification of Documents

Falsification may arise if the impersonator fabricates, alters, or falsely signs documents used in the job application.

Possible falsified documents include:

1. resume with false identity;
2. application form;
3. employment contract;
4. job offer acceptance;
5. personal data sheet;
6. government ID copies;
7. certificates of employment;
8. school records;
9. training certificates;
10. medical certificates;
11. NBI or police clearance;
12. professional licenses;
13. payroll forms;
14. tax forms;
15. SSS, PhilHealth, or Pag-IBIG forms;
16. authorization letters;
17. consent forms;
18. background check forms;
19. affidavits;
20. electronic signatures.

If the document is public, official, commercial, or private, the exact legal treatment may vary.

C. Use of Falsified Documents

Even if the impersonator did not personally create the fake document, knowingly using it may still create liability.

For example, a person who knowingly submits a falsified certificate of employment or fake ID during job application may be liable for use of falsified documents.

D. Estafa or Swindling

Estafa may be involved if the impersonator deceives the employer, recruiter, client, or third party into giving money, salary, benefits, equipment, access, or employment opportunity.

Examples include:

1. receiving salary under another person’s name;
2. obtaining company laptop or equipment by pretending to be the victim;
3. collecting signing bonus;
4. obtaining relocation allowance;
5. receiving training allowance;
6. inducing employer to hire based on false identity;
7. obtaining loans or cash advances through fake employment;
8. deceiving a recruiter into paying referral fees;
9. deceiving clients using false professional credentials.

Employment fraud can become property fraud when money or property is obtained through deceit.

E. Perjury or False Statements Under Oath

If the applicant signs sworn documents, notarized affidavits, or official declarations under another person’s identity, perjury or false statement issues may arise.

F. Unauthorized Practice of Profession

If the impersonator uses another person’s professional license to obtain work in a regulated profession, this may involve unauthorized practice and professional regulation violations.

Examples include impersonating or falsely claiming to be:

1. nurse;
2. physician;
3. engineer;
4. architect;
5. teacher;
6. accountant;
7. lawyer;
8. pharmacist;
9. dentist;
10. seafarer;
11. real estate broker;
12. criminologist;
13. psychologist;
14. customs broker;
15. other licensed professional.

This is especially serious where public health, safety, finance, or legal rights are affected.

G. Data Privacy-Related Offenses

Unlawful processing, unauthorized use, malicious disclosure, improper disposal, or unauthorized access involving personal data may create liability under data privacy principles and related laws.

This may apply not only to the impersonator but also to recruiters, employers, agencies, or insiders who unlawfully obtained, shared, or used the victim’s personal data.

H. Cybercrime-Related Fraud

If the impersonation was done through online platforms, fake emails, fraudulent accounts, digital forms, or remote-work systems, cybercrime-related provisions may be implicated.

I. Identity-Linked Fraud Against Government Agencies

If the impersonator caused false entries in tax, SSS, PhilHealth, Pag-IBIG, immigration, licensing, or professional records, additional administrative or criminal consequences may arise.

---

VII. Civil Liability

The victim may pursue civil remedies for the injury caused by unauthorized identity use.

Possible civil claims include:

1. damages for invasion of privacy;
2. damages for fraudulent use of identity;
3. damages for reputational harm;
4. moral damages in proper cases;
5. exemplary damages in cases of wanton or malicious conduct;
6. actual damages for expenses incurred;
7. attorney’s fees;
8. injunction to stop further use;
9. accounting of benefits received;
10. return or destruction of documents;
11. correction of records;
12. indemnity for tax or benefit problems;
13. damages for lost job opportunity;
14. damages for emotional distress if legally supported;
15. damages for malicious harassment.

The victim must prove the unauthorized use, the link to the respondent, and the damage suffered.

---

VIII. Employer’s Duties and Responsibilities

Employers have responsibilities when receiving and processing job applications.

A. Verify Identity

Employers should verify that the applicant is the person they claim to be. This is especially important before onboarding, payroll enrollment, issuance of access credentials, handling of confidential data, or deployment to client sites.

Reasonable verification may include:

1. government ID check;
2. live interview;
3. face-to-ID comparison;
4. background verification;
5. reference checks;
6. video identity verification for remote applicants;
7. document authenticity checks;
8. matching bank account name to employee name;
9. checking professional license status when relevant;
10. requiring personal appearance for high-risk roles.

B. Protect Applicant Data

Employers must process applicant data lawfully, fairly, and securely. Job applicants are data subjects. Their personal data should not be collected, shared, retained, or used beyond legitimate hiring purposes.

C. Respond to Identity Misuse Reports

If a person reports that their identity was used without consent in a job application, the employer should act promptly.

The employer should:

1. acknowledge the report;
2. preserve records;
3. suspend processing of suspicious application;
4. verify identity;
5. restrict access to the application file;
6. investigate internal involvement;
7. avoid further disclosure;
8. correct records;
9. document findings;
10. cooperate with lawful requests;
11. notify appropriate officers;
12. assess whether breach notification is required;
13. provide the victim with confirmation where appropriate.

D. Avoid Retaliation or Defamation

The employer should not accuse the identity owner of fraud without basis. The victim may be innocent. Employers should carefully distinguish between the real person and the impersonator.

E. Correct Employment Records

If false employment records were created, the employer should correct them to prevent future harm.

This may include:

1. canceling fake application;
2. removing false employment profile;
3. marking the file as identity misuse;
4. correcting payroll records;
5. correcting tax and benefit submissions;
6. notifying background-check vendors;
7. revoking access credentials;
8. disabling email or system accounts;
9. investigating payments made.

---

IX. Liability of Recruiters and Agencies

Recruiters, headhunters, manpower agencies, outsourcing firms, and placement agencies may be liable if they knowingly or negligently submit applications using another person’s identity.

Possible wrongful acts include:

1. submitting fake applicants;
2. using resumes without consent;
3. editing resumes to misrepresent identity;
4. creating fake candidate profiles;
5. using stolen IDs;
6. using one person’s credentials for another applicant;
7. fabricating background checks;
8. submitting candidates without authorization;
9. failing to verify identity;
10. collecting fees through identity misuse;
11. sharing applicant data without consent;
12. retaining resumes indefinitely and reusing them;
13. selling candidate information;
14. allowing employees to misuse applicant databases.

Recruiters process sensitive employment data and must maintain strong verification and privacy practices.

---

X. Liability of Current or Former Employers

A current or former employer may become involved if it improperly releases a person’s employment records or certificates to someone else.

Examples:

1. HR releases certificate of employment to an unauthorized person;
2. payroll records are leaked;
3. employee files are copied by a recruiter;
4. IDs or onboarding documents are reused;
5. former employee data is sold or shared;
6. insider uses applicant files for fake job applications;
7. background-check data is mishandled.

If the identity misuse resulted from poor data security or unauthorized disclosure, the employer or data controller may face liability.

---

XI. Data Privacy Analysis

Unauthorized job application using another person’s identity is often a data privacy issue because it involves collection, use, storage, sharing, or disclosure of personal information without lawful basis.

A. Personal Information Controller and Processor

An employer, recruiter, or job platform may be a personal information controller or processor depending on its role. It must handle applicant data according to lawful purposes, transparency, proportionality, security, and data subject rights.

B. Consent and Lawful Basis

Consent is not always the only lawful basis for employment data processing, but unauthorized use of another person’s identity usually lacks any lawful basis as to the impersonator.

If a recruiter or third party submits someone’s data without consent or authority, the processing may be unlawful.

C. Data Subject Rights

The victim may exercise rights such as:

1. right to be informed;
2. right to access;
3. right to object;
4. right to erasure or blocking;
5. right to rectification;
6. right to damages;
7. right to file a complaint;
8. right to data portability, where applicable.

The victim may ask the employer or recruiter to confirm whether their data was processed and to correct or delete unauthorized records.

D. Security Measures

Employers and recruiters should implement measures such as:

1. identity verification;
2. access controls;
3. audit logs;
4. secure applicant tracking systems;
5. limited retention periods;
6. background-check vendor controls;
7. staff training;
8. breach response procedures;
9. secure deletion;
10. verification of authorization before releasing records.

E. Data Breach Concerns

If the unauthorized application involved leaked IDs, resumes, or documents from a database, there may be a personal data breach. The responsible organization may need to investigate, contain, notify, and remediate depending on risk and legal requirements.

---

XII. Unauthorized Use of Government IDs

Using another person’s government ID in a job application is a serious red flag.

Possible consequences include:

1. identity theft complaint;
2. falsification complaint;
3. report to issuing agency;
4. invalid employment onboarding;
5. payroll fraud;
6. SIM or e-wallet misuse;
7. tax record confusion;
8. benefits record issues;
9. bank account or loan fraud;
10. background-check contamination.

The victim should consider reporting compromised IDs to the issuing agencies and monitoring accounts.

---

XIII. Unauthorized Use of TIN, SSS, PhilHealth, and Pag-IBIG Numbers

If the impersonator uses the victim’s government numbers for employment, the victim’s records may become inaccurate.

Possible issues:

1. false employer contributions;
2. missing actual contributions;
3. incorrect employment history;
4. false salary credits;
5. tax withholding under victim’s name;
6. BIR Form 2316 issues;
7. benefit claim confusion;
8. loan or calamity loan misuse;
9. maternity, sickness, disability, or other benefit complications;
10. employer reporting errors.

The victim should request correction with the relevant agency if false records appear.

---

XIV. Unauthorized Use of Tax Information

If the impersonator is employed under the victim’s identity, income may be reported under the victim’s tax records.

This may cause:

1. incorrect taxable income;
2. withholding tax issues;
3. unexplained income;
4. conflicting BIR Form 2316 records;
5. audit concerns;
6. difficulty in employment transfer;
7. wrong employer record;
8. refund or deficiency complications.

The victim should document the identity misuse and request correction through proper channels.

---

XV. Unauthorized Use of Professional License

Using another person’s professional license in employment can create severe consequences.

The victim may be falsely associated with:

1. malpractice;
2. professional misconduct;
3. defective work;
4. patient harm;
5. engineering or architectural failure;
6. accounting fraud;
7. teaching misconduct;
8. unauthorized signing of documents;
9. regulatory violations;
10. criminal investigation.

The victim should immediately notify the employer, relevant professional regulator, and law enforcement if the license is misused.

---

XVI. Unauthorized Job Application by a Family Member

Family relationship does not automatically create authority to use identity documents.

A family member may say:

1. “I only borrowed your name.”
2. “I thought it was okay.”
3. “We are siblings.”
4. “You were not using the job anyway.”
5. “I needed work.”
6. “I used your credentials because we look alike.”
7. “I planned to tell you later.”

These explanations do not necessarily excuse unauthorized identity use.

However, the victim may choose civil, administrative, or family settlement approaches depending on the damage, intent, and risk. If government IDs, payroll, taxes, benefits, or professional licenses are involved, formal correction and reporting may still be necessary.

---

XVII. Unauthorized Job Application by a Recruiter

A recruiter may submit a person’s resume to employers without consent. This can damage the applicant’s reputation, especially if the current employer finds out, if the person is bound by confidentiality obligations, or if the recruiter modifies the resume.

The victim may demand:

1. identification of employers contacted;
2. withdrawal of unauthorized applications;
3. deletion of personal data;
4. correction of records;
5. disclosure of data sources;
6. undertaking not to reuse data;
7. damages if harm occurred.

If the recruiter used IDs, certificates, signatures, or forged consent, stronger remedies may be available.

---

XVIII. Unauthorized Job Application by a Current Employer or Competitor

A malicious current employer, co-worker, or competitor may submit applications in the victim’s name to create the impression that the person is job hunting, disloyal, or violating a non-compete or confidentiality obligation.

This may involve harassment, unfair labor practice context, defamation, privacy violation, or malicious interference with employment.

Evidence is critical, especially email headers, IP logs, account access logs, recruiter communications, and witness statements.

---

XIX. Unauthorized Job Application for Remote Work

Remote hiring creates special risks.

An impersonator may:

1. use the victim’s digital profile;
2. use deepfake or edited photos;
3. submit scanned IDs;
4. use a different person for interview;
5. outsource work to someone else after hiring;
6. use the victim’s name for payroll;
7. receive company equipment at another address;
8. pass background checks using stolen data;
9. use fake references;
10. use the victim’s bank account or a mule account.

Employers should implement stronger verification for remote roles.

---

XX. Unauthorized Job Application Through Job Platforms

If the misuse occurred on a job platform, the victim should report it to the platform immediately.

The report should request:

1. takedown of fake profile;
2. preservation of logs;
3. disclosure through lawful process;
4. blocking of the impersonator;
5. deletion of unauthorized data;
6. confirmation of employers contacted;
7. security review;
8. prevention of future misuse.

The platform may not disclose all information directly due to privacy rules, but it can preserve records for authorities.

---

XXI. Unauthorized Use of Email or Social Media Accounts

If the impersonator accessed the victim’s email, job portal, LinkedIn, or social media account, the issue becomes account compromise.

The victim should:

1. change passwords immediately;
2. enable two-factor authentication;
3. log out all sessions;
4. check recovery email and phone number;
5. review sent messages;
6. review account activity logs;
7. delete unauthorized applications only after preserving evidence;
8. notify platforms;
9. notify affected employers;
10. scan devices for malware;
11. report identity theft.

Unauthorized access strengthens the cybercrime aspect.

---

XXII. Employer Discovery After Hiring

If an employer discovers that an employee was hired under another person’s identity, it should act carefully.

Steps may include:

1. suspend access pending investigation;
2. verify the worker’s true identity;
3. preserve application documents;
4. secure company equipment;
5. review payroll payments;
6. investigate whether clients were affected;
7. check whether professional credentials were misused;
8. notify the real identity owner if appropriate;
9. correct government reports;
10. consider termination for fraud;
11. file criminal or civil complaint if warranted;
12. review recruitment controls;
13. assess data breach obligations.

The employer should avoid withholding legally earned wages without proper basis, but may pursue recovery for fraud or damages where justified.

---

XXIII. Victim’s Immediate Steps

A person who discovers unauthorized job application using their identity should act quickly.

Step 1: Preserve Evidence

Save:

1. email from employer or recruiter;
2. screenshots of fake application;
3. job platform profile;
4. messages from the impersonator;
5. employer communications;
6. copies of documents used;
7. dates and times;
8. sender email addresses;
9. phone numbers;
10. links and URLs;
11. IP-related information if available;
12. payment or payroll evidence;
13. fake signatures;
14. interview schedules;
15. job offer letters;
16. onboarding forms.

Do not delete suspicious applications until evidence is preserved.

Step 2: Notify the Employer or Recruiter

Send a written notice stating that the application was unauthorized and that the victim did not consent to the use of their identity or documents.

Request:

1. suspension of processing;
2. preservation of records;
3. deletion or blocking of unauthorized data after investigation;
4. written confirmation;
5. identification of documents submitted;
6. confirmation whether any employment, payroll, or benefits record was created;
7. correction of records;
8. contact information of data protection officer or HR investigator.

Step 3: Secure Personal Accounts

Change passwords, enable two-factor authentication, check account logs, and revoke unknown sessions.

Step 4: Report Compromised Documents

If government IDs, TIN, SSS, PhilHealth, Pag-IBIG, passport, PRC license, or bank details were used, consider reporting to the relevant agencies.

Step 5: File a Police, NBI, or Cybercrime Report

If there is identity theft, online impersonation, fraud, or forged documents, formal reporting may be necessary.

Step 6: File Data Privacy Complaint if Appropriate

If an organization mishandled personal data, refused access or correction, or allowed unauthorized processing, the victim may consider a data privacy complaint.

Step 7: Monitor Financial and Employment Records

Monitor bank accounts, e-wallets, loans, tax records, government contributions, job platforms, and professional license records.

---

XXIV. Notice Letter to Employer or Recruiter

A victim may send a letter like this:

Subject: Unauthorized Use of My Identity in Job Application

Dear [Employer/Recruiter]:

I recently learned that a job application was submitted to your company using my name and/or personal information. I did not submit, authorize, or consent to this application.

I request that you immediately suspend processing of the application, preserve all records related to it, and confirm what personal information and documents were submitted under my identity.

Please also confirm whether any employment, payroll, tax, benefits, system access, or background-check record was created under my name. If any record was created, I request correction, blocking, or deletion as appropriate, without prejudice to preservation of evidence for investigation.

Kindly provide the contact details of the person or office handling this matter.

This letter is sent to protect my identity, privacy, employment record, and legal rights.

Sincerely, [Name]

---

XXV. Demand Letter to the Impersonator

If the impersonator is known, the victim may demand:

1. immediate cessation of identity use;
2. withdrawal of all applications;
3. return or destruction of documents;
4. list of employers contacted;
5. written undertaking not to repeat;
6. correction of records;
7. reimbursement of expenses;
8. indemnity for damages;
9. settlement, if appropriate.

A sample demand:

Subject: Demand to Cease Unauthorized Use of Identity

Dear [Name]:

It has come to my attention that you used my name, personal information, documents, and/or credentials in connection with a job application without my consent.

I demand that you immediately cease using my identity, withdraw all applications submitted under my name, disclose all employers, recruiters, platforms, and third parties to whom my information was submitted, and return or permanently delete all copies of my personal documents.

I further demand that you cooperate in correcting all records created under my name and compensate me for any damage, expense, or liability caused by your unauthorized acts.

This demand is without prejudice to the filing of criminal, civil, administrative, data privacy, and other complaints.

Sincerely, [Name]

---

XXVI. Complaint-Affidavit Outline

A complaint-affidavit may state:

1. complainant’s identity;
2. respondent’s identity, if known;
3. relationship between complainant and respondent, if any;
4. how complainant discovered the unauthorized application;
5. what personal information was used;
6. what documents were submitted;
7. what job, employer, or platform was involved;
8. whether the complainant consented;
9. how the respondent obtained the information, if known;
10. false statements made;
11. forged signatures or documents;
12. salary, benefit, or property obtained, if any;
13. damage caused;
14. steps taken to correct records;
15. attached evidence;
16. request for investigation and prosecution.

The affidavit should be factual and chronological.

---

XXVII. Evidence Checklist

The victim should gather:

1. copy of unauthorized job application;
2. job posting;
3. employer or recruiter email;
4. fake profile screenshots;
5. application confirmation emails;
6. resume used;
7. ID copies used;
8. forged signatures;
9. employment contract or job offer, if any;
10. background-check request;
11. onboarding forms;
12. payroll forms;
13. tax or benefits records;
14. platform account logs;
15. email headers;
16. phone numbers used;
17. IP logs, if available through lawful process;
18. witness statements;
19. messages from respondent;
20. proof that victim did not apply;
21. proof of victim’s actual employment or location at the time;
22. employer confirmation letter;
23. police or platform reports;
24. damage records;
25. screenshots showing dates and URLs.

---

XXVIII. Where to File Complaints

Depending on facts, complaints may be filed with:

1. employer or recruiter’s HR, compliance, or data protection office;
2. job platform support or abuse reporting channel;
3. barangay, if appropriate for initial documentation or settlement;
4. police station for blotter and criminal referral;
5. cybercrime unit, if online accounts or ICT were used;
6. National Bureau of Investigation, especially for identity theft, cybercrime, or organized fraud;
7. City or Provincial Prosecutor for criminal complaint;
8. National Privacy Commission for data privacy violations;
9. Professional Regulation Commission if a professional license was misused;
10. SSS, PhilHealth, Pag-IBIG, or BIR for record correction;
11. bank or e-wallet provider if financial accounts were used;
12. regular courts for civil damages or injunction.

The correct forum depends on whether the priority is stopping the application, correcting records, prosecuting the offender, recovering damages, or addressing data misuse.

---

XXIX. Barangay Considerations

If the impersonator is known and resides in the same city or municipality, barangay conciliation may be required for certain civil disputes before court action.

However, serious criminal cases involving cybercrime, falsification, identity theft, or offenses beyond barangay authority should be reported to proper law enforcement or prosecutors.

Barangay proceedings may still help document admissions and settlement terms.

---

XXX. Police Blotter

A police blotter may be useful to document the incident quickly, especially when the victim needs proof for employers, banks, platforms, or government agencies.

However, a blotter is not the same as a full criminal complaint. For prosecution, the victim generally needs affidavits and supporting evidence.

---

XXXI. Data Privacy Complaint

A data privacy complaint may be appropriate if:

1. an employer or recruiter processed the victim’s data without lawful basis;
2. a recruiter submitted the victim’s data without authority;
3. a company refused to provide access to records;
4. a company refused correction or deletion;
5. a data breach exposed the victim’s documents;
6. an employee or insider leaked applicant data;
7. job platform security failed;
8. personal data was retained or reused improperly;
9. sensitive data was disclosed to unauthorized parties;
10. the organization failed to respond to the victim’s rights request.

The victim should first send a written request to the organization, preserve proof, and then escalate if unresolved.

---

XXXII. Civil Action for Damages

A civil case may be considered when the victim suffered serious harm.

Examples of compensable harm may include:

1. lost employment opportunity;
2. termination or disciplinary action due to mistaken identity;
3. reputational damage;
4. professional license investigation;
5. financial loss;
6. tax or benefits correction expenses;
7. psychological or emotional harm in legally recognized cases;
8. legal fees;
9. cost of identity restoration;
10. damage caused by false employment records.

Civil claims are stronger when there is clear evidence of unauthorized use, malice, negligence, and actual harm.

---

XXXIII. Injunction and Takedown

If the impersonator continues using the victim’s identity, the victim may seek takedown through platforms and, in serious cases, injunctive relief.

Possible relief includes:

1. order to stop identity use;
2. removal of fake profiles;
3. withdrawal of applications;
4. deletion or blocking of unlawful records;
5. return of documents;
6. prohibition on contacting employers;
7. preservation of evidence;
8. correction of public or employment records.

Court action may be needed if voluntary takedown fails.

---

XXXIV. Correcting Employment Records

The victim should request written confirmation that the employer or recruiter has corrected records.

Correction may include:

1. marking application as fraudulent or unauthorized;
2. deleting applicant profile where lawful;
3. blocking further processing;
4. correcting background-check vendor records;
5. canceling employee ID or system account;
6. reversing payroll records;
7. correcting tax submissions;
8. correcting benefit contributions;
9. notifying clients or departments that identity was misused;
10. providing victim with confirmation letter.

A written confirmation helps the victim avoid future problems.

---

XXXV. Correcting Government Records

If false employment records reached government agencies, the victim may need to correct them.

A. BIR

If income or withholding was reported under the victim’s TIN, the victim may need to dispute the record and submit proof of identity misuse.

B. SSS

If contributions or employment history were posted under the victim’s SSS number, correction may be requested.

C. PhilHealth

If employer remittances or benefit use were incorrectly made under the victim’s PhilHealth number, the records should be corrected.

D. Pag-IBIG

If contributions, loans, or employer records were affected, correction should be requested.

E. PRC

If a professional license was misused, the professional should notify the regulator and request protective notation or investigation where appropriate.

---

XXXVI. If Salary Was Paid Under the Victim’s Name

If an impersonator actually worked and received salary under the victim’s name, the situation is serious.

Questions to resolve include:

1. who received the salary;
2. what bank account was used;
3. whether the bank account was under the victim’s name;
4. whether payroll forms were forged;
5. whether tax was withheld;
6. whether benefits were remitted;
7. whether employment contract was signed;
8. whether company property was issued;
9. whether misconduct occurred during employment;
10. whether the victim is being blamed.

The victim should immediately notify the employer in writing and request correction of all records.

---

XXXVII. If Company Equipment Was Issued

If the impersonator obtained laptop, phone, ID, uniform, access card, tools, vehicle, or other property under the victim’s name, the victim should ensure the employer does not charge them for loss.

The victim should demand written confirmation that the property was not issued to them personally and that any accountability belongs to the impersonator.

---

XXXVIII. If the Victim Is Accused by the Employer

Sometimes the employer suspects the real identity owner participated in the fraud.

The victim should respond calmly and in writing:

1. deny unauthorized application if true;
2. provide proof of non-participation;
3. request copies of documents used;
4. request preservation of records;
5. ask for investigation;
6. avoid signing admissions;
7. request legal counsel if serious;
8. file identity theft report;
9. provide police blotter or complaint once available.

The victim should not ignore the accusation because silence may allow false records to remain.

---

XXXIX. If the Victim’s Current Employer Finds Out

If a fake job application is sent to another company and the victim’s current employer learns about it, the victim may face suspicion of job hunting, conflict of interest, or breach of employment terms.

The victim should:

1. explain in writing that the application was unauthorized;
2. provide proof, if available;
3. request confidentiality;
4. file a report if necessary;
5. ask the receiving employer to confirm unauthorized use;
6. preserve all communications.

If the current employer takes adverse action based on a fake application, labor remedies may become relevant.

---

XL. If the Application Was Submitted by an AI, Bot, or Automated System

Some platforms or services may submit applications automatically using stored resumes or scraped profiles. If this happens without consent, the victim may demand:

1. deletion of profile;
2. disclosure of data source;
3. list of employers contacted;
4. withdrawal of applications;
5. correction of records;
6. explanation of automated processing;
7. proof of consent relied upon;
8. damages if harm occurred.

Automated submission does not excuse unlawful processing.

---

XLI. If the Victim Previously Gave the Resume to Someone

A person may have once shared a resume with a recruiter, friend, school office, former employer, or job platform. That does not automatically authorize indefinite or unrelated use.

Consent may be limited by:

1. purpose;
2. time;
3. recipient;
4. position applied for;
5. geographic scope;
6. type of employer;
7. withdrawal of consent;
8. confidentiality expectations.

A recruiter who reuses old resumes without authority may still face liability.

---

XLII. If There Was Consent but Scope Was Exceeded

Sometimes the victim consented to one application, but the recruiter used the data for many other applications or modified the identity details.

This may be unauthorized beyond the consent given.

Examples:

1. applicant authorized submission to Company A only, but recruiter submitted to Companies B to Z;
2. applicant authorized use of resume but not government IDs;
3. applicant authorized local job applications but recruiter submitted overseas applications;
4. applicant authorized one position but recruiter applied for another;
5. applicant withdrew consent but recruiter continued submitting;
6. recruiter changed salary history or credentials.

The victim may demand correction, withdrawal, deletion, and accounting.

---

XLIII. If a School or Training Center Submitted Applications Without Consent

Some schools, bootcamps, training centers, or placement offices may submit graduate profiles to employers. This may be acceptable if authorized, but problematic if done without consent or with false information.

The student or graduate may demand:

1. copy of consent form;
2. list of employers contacted;
3. correction of inaccurate records;
4. withdrawal of unauthorized applications;
5. deletion of documents;
6. assurance against future use.

If the school or training center misused IDs or credentials, stronger remedies may apply.

---

XLIV. If the Application Used a Fake Signature

A forged signature is strong evidence of unauthorized action.

The victim should preserve:

1. the document with signature;
2. genuine specimen signatures;
3. emails transmitting the document;
4. identity of person who submitted it;
5. date and platform used;
6. witnesses;
7. notarization details if notarized.

Forgery may support criminal and civil action.

---

XLV. If the Application Used a Fake Authorization Letter

Some impersonators submit authorization letters claiming the victim allowed them to act.

The victim should immediately deny the authorization in writing and request a copy. If the signature is forged, this may support falsification or use of falsified document.

---

XLVI. If the Application Used Real Documents Obtained Earlier

The impersonator may have obtained real documents from:

1. previous job applications;
2. school records;
3. shared family files;
4. old email attachments;
5. cloud storage;
6. photocopy shops;
7. recruitment agencies;
8. former employers;
9. social media posts;
10. lost wallet;
11. hacked accounts;
12. discarded documents.

The victim should determine the source to prevent further misuse.

---

XLVII. Preventive Measures for Individuals

Individuals should protect identity documents by:

1. watermarking ID copies with purpose and date;
2. avoiding unnecessary sharing of IDs;
3. sending documents only through secure channels;
4. asking who will access the documents;
5. keeping a list of recruiters and employers who received documents;
6. deleting old resumes from inactive platforms;
7. using strong passwords;
8. enabling two-factor authentication;
9. monitoring email for application confirmations;
10. checking job platform accounts;
11. avoiding public posting of full resume with address and ID numbers;
12. redacting sensitive numbers where not required;
13. refusing to send OTPs;
14. reporting lost IDs;
15. securely shredding old documents;
16. monitoring government contribution records;
17. checking professional license records;
18. keeping copies of submitted job applications.

---

XLVIII. Preventive Measures for Employers

Employers should:

1. verify identity before onboarding;
2. compare applicant photo with live person;
3. verify government IDs;
4. verify professional licenses;
5. conduct reference checks carefully;
6. require direct applicant confirmation;
7. avoid relying solely on recruiters;
8. use secure applicant tracking systems;
9. limit access to applicant data;
10. train HR staff on identity fraud;
11. maintain audit logs;
12. verify bank account ownership;
13. verify remote workers through live checks;
14. detect duplicate applications;
15. require signed consent for background checks;
16. confirm authority when applications come through recruiters;
17. promptly investigate identity misuse reports;
18. retain evidence lawfully;
19. correct false records quickly;
20. review vendor data privacy agreements.

---

XLIX. Preventive Measures for Recruiters

Recruiters should:

1. obtain written consent before submitting candidates;
2. submit candidates only to authorized employers;
3. avoid modifying identity details;
4. keep consent records;
5. verify candidate identity;
6. use secure storage;
7. avoid reusing old resumes without permission;
8. delete data when no longer needed;
9. identify themselves clearly to candidates;
10. disclose employers to whom data is sent;
11. avoid fake candidate submissions;
12. train staff on data privacy;
13. audit recruiter activity;
14. prohibit use of personal email for candidate data;
15. respond promptly to withdrawal or deletion requests.

---

L. Red Flags for Employers

Employers should investigate if:

1. applicant refuses live video or in-person verification;
2. applicant’s ID photo does not match;
3. email address differs from name;
4. phone number is shared by several applicants;
5. bank account name differs from applicant;
6. interviewee looks or sounds different from ID;
7. documents have inconsistent birthdates;
8. resume history is too polished or copied;
9. professional license does not match applicant;
10. applicant cannot discuss claimed experience;
11. reference contacts seem fake;
12. multiple candidates use the same documents;
13. applicant avoids background check;
14. application comes from suspicious recruiter;
15. digital signature appears pasted;
16. applicant asks equipment to be sent to unrelated address.

---

LI. Red Flags for Individuals

A person should be alert if they receive:

1. interview invitations for jobs they did not apply for;
2. application confirmation emails from unknown companies;
3. background-check requests they did not authorize;
4. calls from recruiters about unknown applications;
5. SSS, PhilHealth, Pag-IBIG, or BIR records showing unknown employer;
6. job offer letters they did not request;
7. password reset emails from job platforms;
8. notices about company equipment under their name;
9. professional license verification requests;
10. loan or payroll account messages;
11. messages from strangers claiming to be HR;
12. emails about onboarding or medical examination.

These may indicate identity misuse.

---

LII. Settlement

Settlement may be possible if the impersonator is known and the damage can be corrected.

A settlement should include:

1. admission or acknowledgment of unauthorized use, if agreed;
2. list of employers contacted;
3. withdrawal of applications;
4. return or deletion of documents;
5. correction of records;
6. reimbursement of expenses;
7. compensation for damages, if any;
8. undertaking not to repeat;
9. confidentiality, if appropriate;
10. cooperation with government record correction;
11. consequences for breach.

The victim should not sign a settlement that falsely states consent was given if it was not.

---

LIII. Affidavit of Desistance

If criminal proceedings are involved, the impersonator may ask the victim to sign an affidavit of desistance after apology or settlement.

An affidavit of desistance does not automatically end a criminal case. Public offenses may continue if evidence supports prosecution.

The victim should be careful before signing, especially if government records, professional licenses, employer records, or third-party victims are involved.

---

LIV. Public Posting and Defamation Risk

Victims may want to warn others online. They should be cautious.

To reduce risk:

1. state facts only;
2. avoid unsupported accusations;
3. avoid insults;
4. avoid publishing sensitive IDs;
5. avoid doxxing addresses of family members;
6. say “unauthorized application using my identity was reported” rather than declaring guilt before investigation;
7. preserve evidence before posting;
8. file formal reports where appropriate.

Public posting may help stop harm but can create legal complications if careless.

---

LV. Time Limits and Delay

Victims should act promptly. Delay may cause:

1. deletion of online records;
2. loss of platform logs;
3. payroll reporting complications;
4. tax problems;
5. benefit record errors;
6. spread of personal documents;
7. further applications;
8. difficulty proving non-consent;
9. reputational damage;
10. legal prescription issues.

Immediate written notices and reports are important.

---

LVI. Key Legal Principles

The main principles are:

1. A person’s identity cannot be used for job applications without consent.
2. Employment data is personal information and must be processed lawfully.
3. Family relationship does not automatically authorize identity use.
4. Recruiters need authority before submitting a candidate.
5. Online identity misuse may involve cybercrime.
6. Forged signatures and fake documents may support falsification charges.
7. Receiving salary, equipment, or benefits through another identity may support fraud claims.
8. Professional license misuse is especially serious.
9. Employers must verify identity and correct false records.
10. Victims should preserve evidence before deletion.
11. Government records must be corrected if affected.
12. A police blotter is useful but not the same as prosecution.
13. Data privacy complaints may be available against organizations that mishandled data.
14. Civil damages may be claimed if harm is proven.
15. Settlement should include record correction and non-repetition.
16. Public accusations should be made carefully to avoid defamation risk.
17. Prompt action reduces further identity harm.
18. Strong identity verification protects both employers and applicants.
19. Unauthorized job applications can affect taxes, benefits, licenses, and reputation.
20. The proper remedy depends on whether the wrongdoer is an impersonator, recruiter, employer, insider, platform, or family member.

---

LVII. Recommended Immediate Action Plan

A victim should generally:

1. preserve all evidence of the unauthorized application;
2. notify the employer, recruiter, or platform in writing;
3. demand suspension of processing and preservation of records;
4. ask what documents and information were submitted;
5. request correction, blocking, or deletion of unauthorized records;
6. secure email, job platform, and social media accounts;
7. change passwords and enable two-factor authentication;
8. report compromised IDs to relevant agencies;
9. monitor tax, SSS, PhilHealth, Pag-IBIG, bank, and e-wallet records;
10. file a police, NBI, or cybercrime report if identity theft or fraud is involved;
11. file a data privacy complaint if an organization mishandled data;
12. notify professional regulators if a license was misused;
13. send a demand letter to the impersonator if known;
14. seek correction letters from employers or platforms;
15. consult counsel if there is serious damage, forged documents, payroll fraud, professional license misuse, or criminal accusation.

---

LVIII. Conclusion

Unauthorized job application using another person’s identity in the Philippines is a serious legal problem. It may begin as a fake resume or online application, but it can quickly affect employment records, payroll, taxes, government contributions, professional licenses, reputation, and financial security.

The act may give rise to criminal, civil, administrative, cybercrime, and data privacy remedies. The impersonator may face liability for identity misuse, falsification, fraud, and related offenses. Recruiters, employers, platforms, or insiders may also face liability if they unlawfully processed or disclosed personal data, ignored verification duties, or failed to correct records after notice.

For victims, the priorities are evidence preservation, immediate written notice, account security, record correction, and formal reporting where necessary. For employers and recruiters, strong identity verification and lawful data handling are essential. In modern hiring, a resume is not just a document; it is a bundle of personal identity, professional reputation, and legal rights. Using it without authority can create consequences far beyond a failed job application.