The Hidden Liability Inside HR Rejection Emails
A screenshot of a job rejection email recently circulated in an HR forum showing how one poorly written sentence triggered legal, ethical, and reputational consequences — a case study in HR oversight if not negligence.

Mockup of an HR rejection email illustrating how likely discriminatory wording can create liability
The email was polite and professional—until this line appeared:
“However, due to your medical background referring to seizures (epilepsy), we have reservations.”
That single sentence created liability across three Philippine legal frameworks simultaneously. When paired with identifying information and posted online, it exposed the employer, recruiter, manager, HR department, the applicant, and even the person who shared it to significant consequences.
This is not theoretical. This is what happens when HR words become evidence.
Why One Line Created Legal Exposure: The Disability Discrimination Trap
Citing epilepsy as grounds for job rejection is legally hazardous unless very specific conditions are met. And based on this rejection email, none appear to have been present.
Under the Magna Carta for Persons with Disability (RA 7277), the Philippines has established clear protections:
“No disabled person shall be denied access to opportunities for suitable employment. Employers may provide special facilities to enable them to perform work.”
“No entity shall refuse to accept a qualified disabled person on account of his disability unless the disability is related to the particular work involved.”
SOURCE: RA 7277 – Magna Carta for PWDs
This is the Legitimate Occupational Qualification (LOQ) standard. Before rejecting someone with epilepsy, HR must:
- Determine if the seizures actually affect essential job functions
- Evaluate reasonable accommodations first
- Document the analysis in writing
If your rejection email doesn’t reference any of this analysis—you’ve just created documentary evidence of discrimination.
The Data Privacy Violation Employers Don’t See Coming
Most HR teams don’t realize: including medical information in a rejection email violates the Data Privacy Act (RA 10173).
Epilepsy and seizure history count as Sensitive Personal Information (SPI). Under Section 3 of RA 10173, SPI includes:
- health information
- medical conditions
- disabilities
Under the law, processing SPI must be:
“fair, legitimate, for declared purposes, adequate, relevant, and not excessive.”
SOURCE: RA 10173 – Data Privacy Act of 2012
Putting epilepsy in a rejection email is unnecessary, excessive, and screenshot-friendly. This exposes the company to privacy complaints and gives the applicant legal ground to claim mishandling of sensitive health data.
Section 16 of RA 10173 grants applicants the right to:
- access
- correct
- dispute
- consent to or object to disclosure
Emailing medical information without explicit consent violates this section.
Why the Employer Cannot Claim “Breach of Privileged Communication” or “Violation of Privacy”
Some HR practitioners asked: “Can the company sue the applicant or the poster for sharing the rejection email?”
Likely no. Here’s why.
A. Privileged Communications Are Limited by Law
Privileged communication is strictly defined under Philippine law. Employer–applicant is NOT one of the protected categories.
Revised Penal Code – Article 290
“Any person who shall discover the secrets of another without just cause shall be punished… The penalty shall not be incurred by a person who reveals such secrets in the performance of his duty or when the revelation is made in the public interest.”
This article applies to surreptitious or unlawful intrusion (e.g., wiretapping, secret recording), not to an email the employer voluntarily sent to an applicant.
Rule 130, Section 24 – Rules of Court (Privileged Communication)
“The following communications are privileged: (a) between husband and wife; (b) attorney and client; (c) physician and patient; (d) priest and penitent; (e) public officer in official confidentiality; and (f) trade secrets disclosed in judicial proceedings.”
None of these include employer–applicant communication. Therefore:
- ❌ It is not privileged communication
- ❌ The employer cannot prohibit disclosure
- ❌ There is no basis to sue for “privileged communication breach”
B. Data Privacy Act: Privacy Rights Belong to the Applicant
The applicant is the data subject under RA 10173 – Data Privacy Act.
Section 3(g) defines a data subject as the individual “to whom personal information belongs.”
Under Section 16, data subjects have rights to:
- access
- correction
- object to processing
- consent to or share their own data
This means:
- ✔ The applicant owns the medical information contained in the email
- ✔ The applicant may share the rejection email publicly
- ✔ The applicant may authorize someone to post it
The employer cannot invoke RA 10173 to silence criticism or prevent disclosure.
C. Confidentiality Requires a Valid Agreement
Under the Civil Code (Articles 1305–1318 on Contracts), confidentiality only exists when:
- there is a valid contract, AND
- both parties mutually agree.
In this case, there was:
- ❌ no NDA
- ❌ no confidentiality clause
- ❌ no proprietary content
No contract → No confidentiality → No breach.
D. Evidence Rules: The Recipient May Disclose the Communication
Under long-standing Philippine evidence principles, the recipient of a communication may disclose it, unless a confidentiality agreement prohibits disclosure.
The applicant, as the email recipient, may:
- use it as evidence of discrimination
- submit it to DOLE, CHR, or NPC
- share it publicly if they wish
Conclusion: The employer has no legal basis to claim “privacy breach” or “breach of privileged communication” against the applicant or the person who posted the email.
HR Liability Rejection Email: The Ripple Effect
This section explains the immediate consequences caused solely by the wording inside the rejection email itself — before the screenshot was taken.
For the Employer:
- Potential DOLE disability discrimination investigation
- Potential CHR involvement
- Potential NPC complaint
- Brand damage in HR circles
- Loss of future candidate trust
- Perception of HR incompetence
For the Recruiter:
- Administrative investigation
- Mandatory retraining
- Loss of management trust
- Negative performance record
- Possible reassignment or termination
- Professional credibility damaged
For the HR Manager/Department:
- Seen as lacking legal literacy
- Cross-department trust declines
- Applicants become wary
- Leadership confidence erodes
For the Applicant:
- If shared without consent: SPI violation
- Emotional distress
- Stigma
- Impact on future job opportunities
The Law of Unintended Consequences: When Disclosure Hurts Everyone
This section explains the additional fallout that occurred only after the email was posted online. These are unintended consequences triggered not by the email alone — but by its public exposure without anonymization.
For the Company:
- Possible additional legal exposure
- Public stigma of discrimination
- Internal disciplinary actions for HR
- Loss of employer brand integrity
For the Recruiter and Manager:
- Possible suspension or termination
- Damage to career trajectory
- Loss of internal trust
- Increased scrutiny on future decisions
For the Applicant:
- Exposure of sensitive health information
- Long-term stigma
- Reduced digital credibility
- Future employability concerns
For the Person Who Posted the Screenshot:
- Questions about digital responsibility
- Assumptions about motive (education vs public shaming)
- Long-term digital footprint issues
- Credibility impact for sharing unredacted employer and applicant identifiers
What Compliant Rejection Should Look Like
If an employer legitimately performed LOQ analysis and determined the disability was related to essential job functions, it is better communicated like this:
“After evaluating job-related requirements and assessment results, we will not be moving forward with your application.”
This protects:
- the applicant’s dignity
- the company’s legal position
- the recruiter’s reputation
- the HR department’s credibility
The ASK Framework Reflection: How HR Teams Can Modernize
ALIGN: Align hiring decisions with RA 7277, RA 10173, and fair HR practice.
STRENGTHEN: Strengthen email templates, SPI handling protocols, and recruiter training.
KICKSTART: Kickstart reforms to prevent liability caused by careless wording.
Conclusion: HR Words Are Not Just Words — They’re Liabilities or Lifelines
One sentence in a rejection email triggered potential disability discrimination claims, Data Privacy Act violations, reputational harm, and long-term consequences for everyone involved.
This case is not about epilepsy alone. It is about:
- lawful hiring practices
- digital responsibility
- protection of sensitive personal information
- professional HR communication
Your rejection emails will be read someday by legal counsel, regulators, or the public. Write as if they will be — because they will be.
💡 The ASK Takeaway
This HR lesson fits squarely within our ASK Framework — Align • Strengthen • Kickstart:
- Align hiring decisions with RA 7277, RA 10173, and lawful, dignity-preserving HR communication.
- Strengthen recruiter training, SPI handling, and email templates to prevent discrimination and privacy exposure.
- Kickstart reforms that reinforce professional, compliant, and people-centric HR practices.
HR Liability Rejection Email: Frequently Asked Questions
1. Is it legal to mention epilepsy or any medical condition in a rejection email?
No. Health conditions are Sensitive Personal Information under RA 10173. Including them in a rejection email is unnecessary and exposes employers to privacy complaints.
2. Can the applicant legally share the rejection email online?
Yes. Employer–applicant communication is not privileged. Without a confidentiality clause or NDA, applicants are not prohibited from sharing it.
3. When is it lawful to reject an applicant due to a medical condition?
Only when a documented LOQ analysis proves the condition affects essential job functions and no reasonable accommodation exists.
4. Who becomes liable when sensitive medical information is mishandled?
The employer, recruiter, and HR department may face consequences under RA 10173. Posting unredacted details online can also harm both applicant and poster.




