Chapter I

GENERAL PROVISIONS

Section 1: Description

The Data Privacy Act of 2012 is protecting individual personal information in information and communications systems in the government and the private sector. This act protects the fundamental human right of privacy, of communication while ensuring the free flow of information to promote innovation and growth. It ensures that personal information is secured and protected.

Central Mindanao University needs to collect, process, store, disclose and dispose of personal, sensitive and privileged information about its employees, students, and other individuals to manage the academic career and monitor the progress of employees and students, and complying with legal or lawful obligations. Information in any form (electronic/manual/paper-based) that reveals the identity of an individual is considered “personal information” under the Data Privacy Act of 2012.

The University has formally adopted this policy to ensure compliance with the Data Privacy Act of 2012. This policy will be subject for review as required

To comply with the Act, the University operates in accordance with the Data Privacy Principles as set out in the Act.

A. Transparency.

The data subject must be aware of the nature, purpose, and extent of the processing of his or her personal data, including the risks and safeguards involved, the identity of personal information controller, his or her rights as a data subject, and how these can be exercised. Any information and communication relating to the processing of personal data should be easy to access and understand, using clear and plain language.

B. Legitimate purpose.

The processing of information shall be compatible with a declared and specified purpose which must not be contrary to law, morals, or public policy.

C. Proportionality.

The processing of information shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose. Personal data shall be processed only if the purpose of the processing could not reasonably be fulfilled by other means.

Section 2: Scope of the Policy

This policy covers all personal information processed and used in the administration of the University and all of its offices/units. This policy includes print, electronic, audio-visual, backup and archived data. Any failure to follow this policy can, therefore, result in disciplinary proceedings under RA10173.

Section 3: Purpose of the Policy

This Policy is developed in order to:

a. define the roles and responsibilities for different data usage and establish clear lines of accountability;

b. develop best practices for effective data management and protection measures;

c. protect the University from data breaches of privacy and confidentiality;

d. ensure that the University complies with applicable laws, regulations, and standards set by Data Privacy Act of 2012; and

e. ensure that all data is effectively documented within the processes associated with accessing, retrieving, reporting, managing and storing of data.