What Employers May Disclose About a Former Employee: Reference Checks, Privacy, and Defamation

1) Why this topic matters

In the Philippines, employers routinely receive reference-check requests—sometimes informal (a quick call to a supervisor), sometimes formal (a written verification request). What the former employer says can affect a person’s livelihood, and it can expose the employer (and individual speakers) to liability if the disclosure is unlawful, inaccurate, excessive, or malicious. The legal risk typically clusters around three areas:

  1. Privacy and data protection (primarily the Data Privacy Act of 2012 and related principles)
  2. Defamation and related tort liability (civil and criminal)
  3. Labor and employment compliance (records, certificates, clearances, and fair dealing)

This article maps what a former employer may disclose, what it should not disclose, and how to handle reference checks safely—grounded in Philippine legal concepts and practical HR realities.

2) The basic framework: there is no single “reference law,” but multiple duties apply

Philippine law does not have a single statute that exhaustively defines what a former employer may say during reference checks. Instead, legality depends on overlapping rules:

  • Data Privacy Act of 2012 (RA 10173) and the general data privacy principles (transparency, legitimate purpose, proportionality), plus confidentiality and security obligations.
  • Civil Code rules on damages and quasi-delict (torts), abuse of rights, and obligations to act with justice and good faith.
  • Revised Penal Code provisions on libel and slander, plus related doctrines on privileged communications.
  • Cybercrime Prevention Act (RA 10175) when defamatory statements are made online (e.g., email, chat apps, social media).
  • Labor standards and good faith dealing in employment relationships, including practices around employment documents (e.g., employment verification and certificates).
  • Contractual obligations (non-disparagement clauses, settlement agreements, confidentiality provisions, codes of conduct, and company policies).

Because these rules overlap, the safest disclosures are those that are:

  • Truthful
  • Relevant
  • Limited to what is necessary
  • Made in good faith
  • Given to a recipient with a legitimate interest
  • Documented and consistent with policy

3) What information is usually lawful to disclose (and why)

A. Employment verification (“neutral reference”)

Most employers in the Philippines adopt a neutral reference policy: confirm only objective facts. This is generally lawful if the disclosure is limited and for a legitimate purpose.

Commonly disclosed items:

  • Dates of employment (start and end)
  • Position title(s) and department
  • Employment status (regular/probationary/project-based, if asked and relevant)
  • Basic job description (high-level)
  • Last known work location
  • Whether the employee resigned/was separated (sometimes, but see cautions below)
  • Eligibility for rehire (sometimes used, but can be risky without clear criteria)

Why this is usually safe:

  • It is objective, easier to prove, less likely to be defamatory, and easier to justify under data privacy proportionality.

B. Compensation information (more sensitive)

Disclosing salary, bonuses, benefits, or allowances is not automatically illegal, but it is high-risk and often unnecessary. Compensation is personal information that can be misused and can be considered excessive for a typical reference check.

Safer practice:

  • Disclose compensation only with clear written authorization from the former employee, or when legally required (e.g., certain government audits or lawful processes).

C. Performance and conduct information (conditionally permissible)

An employer may disclose performance-related information if it is:

  • Truthful
  • Based on documented records
  • Relevant to the inquiry
  • Communicated to a recipient with a legitimate interest
  • Made in good faith and without malice
  • Proportionate (no oversharing)

Examples that are more defensible:

  • “Met sales targets in Q1–Q2; did not meet targets in Q3–Q4 based on documented KPIs.”
  • “Had documented attendance infractions recorded in HR memos on [dates].”
  • “Was issued written warnings for [work-related misconduct], with due process documentation.”

Key point: As disclosures become more evaluative or negative, defamation risk rises and privacy proportionality becomes stricter.

D. Reason for separation (especially sensitive)

Disclosing the reason for separation (e.g., resignation, redundancy, termination for cause) can be lawful if true and properly documented, but it is among the most litigated areas because it can seriously harm reputation.

Safer approach:

  • If asked, give a carefully worded, factual, non-editorial answer supported by records:

    • “Separated due to redundancy under a company reorganization.”
    • “Employment ended upon resignation effective [date].”
    • “Employment ended following termination with documented grounds and completed internal process.”

Avoid:

  • Character judgments (“dishonest,” “thief,” “immoral”) unless there is a final and documented basis that can be defended, and even then, disclose only what is strictly necessary and in a privileged context.

4) What employers should not disclose (or should disclose only in rare, justified cases)

A. Irrelevant personal data

Avoid disclosing anything not necessary for the reference purpose, such as:

  • Home address, personal phone, personal email
  • Family details (marital status, spouse, children)
  • Health information, medical history, disabilities
  • Religious or political affiliations
  • Sexual orientation or intimate relationships
  • Personal financial problems (debts, loans), unless directly relevant and lawfully requested (rare)

These are either sensitive, irrelevant, or both—and can violate privacy proportionality.

B. Rumors, unverified allegations, and “office talk”

Sharing rumors is a common source of defamation claims. Even if a manager “heard” something, repeating it to a prospective employer can be treated as publication of a defamatory imputation.

Rule of thumb:

  • If it is not documented and verified, don’t disclose it.

C. Pending complaints, investigations, or non-final findings

Disclosing “ongoing investigation” details is risky:

  • It may be inaccurate.
  • It may be unfair and disproportionate.
  • It may expose the employer to claims of malicious imputation.

If absolutely necessary (e.g., regulated roles with safety implications), keep it minimal and factual, and consider legal counsel.

D. Settlement/compromise terms and confidential HR matters

If there is a settlement agreement, compromise, or confidentiality clause, disclosures may be contractually restricted. Even without explicit confidentiality, it is often disproportionate to disclose settlement details.

E. Blacklisting, coordinated industry blocking, or retaliation

Practices aimed at preventing a former employee from getting work (beyond factual verification) can trigger multiple liabilities—privacy issues, abuse of rights, damages, and potentially labor-related claims depending on context.

5) Data Privacy Act (RA 10173): how it shapes reference checks

Even when a disclosure is not defamatory, it can still be unlawful if it violates data privacy principles.

A. Personal information involved in reference checks

Reference checks often involve:

  • Personal information (employment dates, role)
  • Sensitive personal information (health, discipline tied to sensitive matters, or other categories depending on the specifics)
  • Privileged information (attorney-client communications, if any)

B. Core privacy principles that matter most

1) Transparency The former employee should not be blindsided. Employers should ensure employees are informed (via privacy notices, employment contracts, handbooks) that employment data may be used for lawful HR purposes including employment verification.

2) Legitimate purpose Disclosures must be for a specific, lawful purpose—e.g., verifying employment for recruitment due diligence.

3) Proportionality Share only what is necessary to fulfill the purpose. Oversharing (e.g., full disciplinary history when only employment dates were requested) is a classic proportionality violation.

C. Consent: helpful but not always the only basis

In practice, many employers rely on written authorization/consent from the former employee (often a signed release in the application process). This is not a magic shield, but it helps demonstrate transparency and reduces disputes.

Even with consent:

  • You still must comply with proportionality and security.
  • You should still avoid defamatory content or malicious framing.

D. Security and confidentiality controls

Employers should treat reference data as controlled HR information:

  • Verify the requester’s identity and authority.
  • Limit who can respond (HR, designated officers).
  • Use secure channels; avoid public posts or casual group chats.
  • Keep logs (who requested, what was disclosed, when, and by whom).

6) Defamation risk: libel, slander, and privileged communications

A. Defamation basics in employment references

Defamation generally involves:

  • A statement imputing a discreditable act/condition/trait
  • Publication to a third person
  • Identification of the person
  • Malice (presumed in many cases, but affected by privilege)

In reference checks, publication is easy: one email or phone call to a prospective employer counts.

B. Truth is not always enough (practically and legally)

Even if a statement is true, phrasing and context matter:

  • Truth plus good faith and proper motive is far safer than “truth used as a weapon.”
  • Overbroad or inflammatory wording can be treated as malicious, especially if unnecessary for the purpose.

C. Qualified privilege: a major protection if used properly

Employment references often fall under the idea of qualified privileged communication: communications made in good faith on a subject in which the speaker and the recipient have a shared interest or duty (e.g., prospective employer assessing a candidate).

Qualified privilege generally helps when:

  • The recipient has a legitimate interest (HR/recruiter/hiring manager)
  • The information is relevant and limited
  • The speaker acts in good faith
  • There is no malice or reckless disregard for truth

Privilege can be lost if:

  • The employer acts with malice
  • The employer knowingly lies or recklessly ignores the truth
  • The employer shares beyond those with a legitimate interest (e.g., blasts it to a group chat, social media, or unrelated employees)
  • The disclosure is gratuitous and disproportionate

D. Cyber libel risk (RA 10175)

If negative reference statements are made through electronic means—email, messaging apps, social media—there may be additional exposure under cybercrime-related provisions for online defamation contexts. Practically, assume that written electronic statements have a higher chance of being preserved and used in complaints.

7) Civil liability: damages, abuse of rights, and negligent misstatement

Even when criminal defamation is not pursued, civil suits can arise, including claims framed as:

  • Abuse of rights (acting contrary to justice, good faith, or morals)
  • Quasi-delict/tort (negligent or malicious acts causing damage)
  • Breach of contractual confidentiality (if company commitments or settlement terms were violated)
  • Interference with economic relations (if disclosures intentionally and improperly derail employment opportunities)

Common damage theories:

  • Lost job opportunity
  • Reputational harm
  • Emotional distress
  • Exemplary damages if bad faith is shown

8) Special situations where more disclosure may be justified (but still controlled)

A. Regulated roles, safety-sensitive positions, and fiduciary duties

For positions involving:

  • Handling money, financial controls, fiduciary responsibilities
  • Safety-critical operations
  • Working with vulnerable persons

There may be a stronger argument that certain conduct-related disclosures are relevant. Still:

  • Stick to documented facts
  • Avoid character assassination
  • Limit disclosure to what’s needed for the risk being evaluated

B. Legal compulsion: subpoenas, court orders, government requests

If disclosure is required by law or lawful process:

  • Comply within the scope of the request
  • Disclose only what is demanded
  • Maintain documentation of the legal basis
  • Route through HR/legal

C. Internal references within affiliated entities

Sharing data within a corporate group can still be a disclosure under privacy principles. Treat it as a controlled transfer:

  • Confirm legitimate purpose
  • Ensure proportionality
  • Keep to need-to-know distribution

9) Practical compliance blueprint for employers (Philippine HR-ready)

A. Adopt a written reference-check policy

Key elements:

  • Designated responders only (HR or authorized officers)
  • Standard scope: dates, title, last position, basic verification
  • When performance may be discussed (only with written authorization and documentation)
  • Prohibited disclosures (sensitive personal info, rumors, medical, family, etc.)
  • Documentation: log every request and response

B. Use a standardized reference response template

For written requests:

  • Confirm identity of requester and company
  • Limit to objective facts by default
  • Include a short disclaimer such as: information is provided in good faith based on company records and limited to the stated purpose

C. Require written authorization when beyond “neutral verification”

If a prospective employer wants:

  • salary details
  • performance ratings
  • disciplinary history
  • reasons for termination

Best practice is to require:

  • signed authorization/release from the former employee, and/or
  • a formal request on company letterhead from the prospective employer

D. Train managers: “No off-the-record references”

A frequent liability trigger is a supervisor giving an informal negative reference:

  • casual calls
  • “backchannel” messaging
  • personal opinions

Training message:

  • “Route all reference checks to HR. Do not discuss former employees without authorization.”

E. Keep records consistent and defensible

If a negative fact is disclosed, it should be traceable to:

  • written evaluations
  • documented KPIs
  • memos and notices
  • HR investigation reports (careful: often confidential)
  • final administrative decisions (if any)

Inconsistency (HR says “resigned,” manager says “terminated for dishonesty”) is a red flag for malice or negligence.

10) Practical guidance for former employees (what to expect and what to do)

While the legal duties rest mainly on employers, former employees can protect themselves by:

  • Requesting a certificate of employment and keeping their employment documents organized.

  • Using application releases carefully: understand what you are authorizing.

  • If a bad reference is suspected, documenting:

    • who made the statement (if known)
    • what was said
    • to whom it was said
    • when it was said
    • resulting harm (rescinded offer, lost opportunity)

  • Seeking corrections where the disclosed information is demonstrably false.

11) Common scenarios and legally safer responses

Scenario 1: “Did the employee commit fraud?”

Risk: High (defamation + privacy + potential criminal implications). Safer response:

  • If no final, documented finding: “We can confirm employment details only.”
  • If there is a documented administrative finding and disclosure is justified: state only the minimal documented fact, avoid labels, and ensure the requester has legitimate interest and you have authorization or a strong justification.

Scenario 2: “Why did the employee leave?”

Risk: Medium to high. Safer response:

  • “Resigned effective [date].”
  • “Separated due to redundancy effective [date].”
  • Avoid editorializing.

Scenario 3: “Is the employee eligible for rehire?”

Risk: Medium (can imply misconduct). Safer response:

  • Use clear internal criteria and document them.
  • Consider limiting to: “Company policy does not provide rehire eligibility information.”

Scenario 4: “Can you send the employee’s disciplinary records?”

Risk: Very high (privacy proportionality). Safer response:

  • “We don’t disclose disciplinary records. We can confirm employment details.”
  • If compelled or authorized: provide only what’s necessary, securely, and documented.

12) A workable “best practice” rule: the Five Filters

Before disclosing anything beyond basic verification, apply five filters:

  1. Is it true and documented?
  2. Is it relevant to the requester’s legitimate purpose?
  3. Is it proportionate (only what’s necessary)?
  4. Is it shared in good faith to a legitimate recipient (need-to-know)?
  5. Is it consistent with privacy notices, policy, and any contractual confidentiality?

If any answer is “no,” do not disclose.

13) Key takeaways

  • Employers in the Philippines can generally disclose objective employment verification details, and may disclose additional information only when justified, documented, proportionate, and in good faith.
  • Privacy law pushes employers toward minimal, purpose-based disclosures with strong access controls.
  • Defamation risk rises sharply with negative statements, especially those that are unverified, gratuitous, or shared broadly.
  • The safest operational model is a centralized HR-only reference process, written policy, and neutral verification as the default.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login