Section 73 of the Revised Corporation Code (“RCC”) provides that “[corporate records, regardless of the form in which they are stored, shall be open to inspection by any director, trustee, stockholder or member of the corporation in person or by a representative at reasonable hours on business days, and a demand in writing may be made by such director, trustee or stockholder at their expense, for copies of such records or excerpts from said records.”
To enforce the right of inspection and/or reproduction of corporate records as provided in the above provision, the Securities and Exchange Commission (“SEC”) has issued Memorandum Circular 25, series of 2020, providing for the conduct of investigation for violation of the said right.
In the case of Philippine Associated Smelting and Refining Corporation v. Lim, G.R. No. 172948, 05 October 2016, the Supreme Court held as follows:
“Good faith and a legitimate purpose are presumed. It is the duty of the corporation to allege and prove with sufficient evidence the facts that give rise to a claim of bad faith as to the existence of an illegitimate purpose.
The confidentiality of business transactions is not a magical incantation that will defeat the request of a stockholder to inspect the records. Although it is true that the business is entitled to the protection of its trade secrets and other intellectual property rights, facts must be pleaded to convince the court that a specific stockholder’s request for inspection, under certain conditions, would violate the corporation’s own legal right.
Furthermore, the discomfort caused to the management of a corporation when a request for inspection is claimed is part of the regular matters that a business wanting to ensure good governance must endure. The range between discomfort and vexation is a broad one, which may tend to be located in the personalities of those involved”
.
However, a stockholder has the right to inspect corporate records, Section 73 of the RCC provides that “the inspecting or reproducing party shall remain bound by confidentiality rules under prevailing laws, such as the rules on trade secrets or processes under Republic Act No. 8293, otherwise known as the ‘Intellectual Property Code of the Philippines’, as amended, Republic Act No. 10173, otherwise known as the ‘Data Privacy Act of 2012’ Republic Act No. 8799, otherwise known as ‘The Securities Regulation Code”, and the Rules of Court’.”
Further,, “[a]ny stockholder who shall abuse the rights granted under this section shall be penalized under Section 158 of this Code, without prejudice to the provisions of the Intellectual Property Code of the Philippines and the Data Privacy Act of 2012.”
With respect to data privacy laws, the Data Privacy Act prohibits the processing of sensitive personal and privileged information, except in the following cases:
“a. The data subject has given his or her consent, specific to the purpose prior to the processing, or in the case of privileged information, all parties to the exchange have given their consent prior to processing;
b. The processing of the same is provided for by existing laws and regulations: Provided, That such regulatory enactments guarantee the protection of the sensitive personal information and the privileged information: Provided, further, that the consent of the data subjects are not required by law or regulation permitting the processing of the sensitive personal information or the privileged information;
c. The processing is necessary to protect the life and health of the data subject or another person, and the data subject is not legally or physically able to express his or her consent prior to the processing;
d. The processing is necessary to achieve the lawful and noncommercial objectives of public organizations and their associations; Provided, That such processing is only confined and related to the bona fide membership of these organizations or their associations: Provided, further, That the sensitive personal information are not transferred to third parties; Provided, finally, that consent of the data subject was obtained prior to processing;
e. The processing is necessary for purposes of medical treatment, is carried out by a medical practitioner or a medical treatment institution, and an adequate level of protection of personal information is ensured; or
f. That the processing concerns such personal information as is necessary for the protection of lawful rights and interests of natural or legal persons in court proceedings, or the establishment, exercise or defense of legal claims, or when provided to government or public authority.” (Emphasis supplied)
In the National Privacy Commission (“NPC”) Opinion No. 2019-01 dated 14 January 2019, the NPC recognized that inspection of corporate records under Section 73 of the RCC falls under Section 13 (b) above. The NPC also added another limitation on the right to inspect corporate records, more particularly:
“Likewise, such disclosure shall also be duly limited by any other applicable laws, rules, regulations, policies, contractual obligations on the matter, i.e., those requiring non-disclosure and confidentiality of documents and records, etc. Finally, the disclosure of the case files, if indeed warranted, shall also consider the general privacy principles of transparency, legitimate purpose, and proportionality set forth in the DPA and its IRR.”
In relation to this, NPC Advisory Opinion No. 2019-11 as discussed above states that “[t]he data subject concerned has the right to be informed of the request for disclosure.”
Based on the foregoing, to comply with the requirement of the NPC in NPC Advisory Opinion No. 2019-11, the data subjects must be informed of the request to access corporate records personal information and/or sensitive personal information of the data subjects are included therein. A notice to the data subjects must be served for this purpose.
