Professional Documents
Culture Documents
Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), aims
to protect personal data in information and communications systems both in the
government and the private sector.
I. Introduction
Data: means information in a form which can be processed. It includes automated data
(information on computer or information recorded with the intention of putting it on
computer) and manual data (information that is kept as part of a relevant filing system,
or with the intention that it should form part of a relevant filing system)
1. To what will the policy apply? The policy applies to the keeping and
processing of personal data, both in manual form and on computer, including
personal data held on all students.
2. To whom will the policy apply? The policy applies to all students, insofar as
the measures under the policy relate to them.
IV. Processing of Personal Data
1. Students
1.1 Collection
______ will ensure that any personal information, records and data under its
custody will be in a secure, locked filing cabinet for paper files and secure
computer for e-files. _______will implement appropriate security measures in
storing collected personal information, depending on the nature of the
information.
____ processes and retains Personal Data as necessary for the Purposes in
accordance with:
(1) The Data Privacy Act of 2012, its Implementing Rules, and relevant issuances
of the National Privacy Commission;
(2) The National Archives of the Philippines Act of 2007 its Implementing Rules,
and relevant issuances of the National Archives of the Philippines;
(3) Documented Information Policies and Procedures of __
(3) Policies, guidelines, and rules of the ____;
(4) Research guidelines and ethical codes of conduct adopted by the _____; and
(5) Executive Order No. 2, series of 2016 on Freedom of Information and
subsequent related executive orders. In the absence of an applicable rule
of retention, Personal Data shall be retained by a ____ unit in accordance
with the practices of government bodies with analogous functions.
B. Access
Due to sensitive and confidential nature of Personal information, records and data,
only the ____ employee and the authorize representative of _____ shall be allowed
to access such personal information, records and data, for any purpose, except for
those contrary to law, public policy, order and morals. Employees are required to
maintain the confidentiality of any data to which they have access.
All ____ employees, personnel, student assistants, and students shall maintain
confidentiality of all personal information, records or data that comes to their
knowledge and possession, even after resignation, termination of contract, and
other form of separation in the university.
V. Security Measures
A. ____ shall conduct a Privacy Impact Assessment (PIA) relative to all activities,
projects and systems involving the processing of personal data.
B. ___ designated ___, who is concurrently serving as the ____ of the university as
Data Protection Officer, reporting to the ____, is tasked to protect the privacy of
personal information to, in, and from Panpacific University with the following
functions:
(1) Comply with data privacy laws and regulations including implementing
data protection measures, submitting regulatory requirements, and
managing privacy incidents.
(2) Conduct of a Privacy Impact Assessment
(3) Provide units of the University support services including formulating
policies, training people, and conducting audits with remediation
solutions.
(4) Prevent legal, financial, and operational risks by improving current and
future forms, contracts, processes, and I.T. systems to secure against
leakage of information.
(5) Develop in the University a culture of respect for privacy by formulating
policies and establishing practices at par with domestic and
international standards.
C. ___ shall sponsor a mandatory training on data privacy and security at least
once a year. For personnel directly involved in the processing of personal data,
management shall ensure their attendance and participation in relevant
trainings and orientations, as often as necessary.
D. All students will be asked to sign a Non-Disclosure Agreement. All employees
with access to personal data shall operate and hold personal data under strict
confidentiality if the same is not intended for public disclosure.
E. This Manual shall be reviewed and evaluated annually. Privacy and security
policies and practices within the organization shall be updated to remain
consistent with current data privacy best practices.
Annexes
A. Consent Form
B. Access Request Form
**Sources:
https://www.privacy.gov.ph/creating-a-privacy-manual/
https://upd.edu.ph/wp-content/uploads/2019/02/UP-Diliman-Privacy-Policy.pdf
https://resources.workable.com/data-protection-company-policy
Template for Data Protection Policy