data privacy act of 2012 - ceap · general principles governing collection, processing, and...
TRANSCRIPT
DATA PRIVACY ACT OF 2012
IN HIGHER EDUCATION INSTITUTIONS
by Estrada & Aquino Law
He who holds the information, holds the power
3
The State through the Data Privacy Act provides the safeguards
to privacy of information of individuals in school environment
DATA PROTECTION
STUDENTS EDUCATORS SCHOOL
PERSONNEL
!
5
Is there a “Right to Privacy” in the 1987 Constitution?
expressly provide for Right to Privacy?
NO!
The right to privacy is implicit in the Bill of Rights under
the 1987 Constitution. While “right to privacy” is not stated
as one of the fundamental rights, it can be inferred from
several provisions of the Constitution.
7
There are 3 strands to the right to privacy
according to Justice Puno, these are:
1) Locational/Situational;
2) Informational; and
3) Decisional.
Relevant to DPA is the right to
informational privacy, or the right of
individuals to control information about
themselves.8
RIGHTS OF DATA SUBJECT
RIGHT TO BE
INFORMED
RIGHT TO
ERASURE
RIGHT TO
DAMAGES
RIGHT TO
ACCESS
RIGHT TO FILE
COMPLAINT
RIGHT TO
OBJECT
9
RIGHT TO
RECTIFY
RIGHT TO
DATA
PORTABILITY
ACADEMIC FREEDOM
While privacy rights are enjoyedby students and teachers like all citizens,
it should be harmonized and limited by the HEIs’ exercise of its
constitutionally guaranteed academic freedom.
10
HEIs relationships are essentially governed by contracts. 11
HOW DOES DATA PRIVACY AFFECT SCHOOLS?
12
ABC University has a bad practice of
storing its student records. One day,
papers were blowing around in the
wind beside a garbage container. A
student, seeing the papers, grabbed
some out of curiosity.
The Student read information about
Joseph, a 5th grade student, relating
to his special needs assessment, his
IQ score, psychological assessment
score, behavioral information, and
family history.
13
THIS STUDENT AND HIS FRIENDS AFTER MAKING FUN
OF JOSEPH’S MENTAL DEFICIENCY PASSED IT TO
ANOTHER STUDENT (AND SO ON AND SO FORTH).
WITHIN A WEEK, JOSEPH BECAME SUBJECT OF
TAUNTS IN SCHOOL; HE WAS CALLED “DUMB” AND
“RETARD”. BECAUSE OF ABC UNIVERSITY’S POOR
DATA SECURITY PRACTICES, IT LED TO THE DIRECT
HARM OF ONE OF ITS STUDENTS.
14
As a matter of fact, this story happened in reallife in the US. Joseph’s story tells us the needto secure student data and the legalimplications of failing to do so. ApplyingJoseph’s case in our jurisdiction, it is likely forJoseph to have a cause of action under DPA,i.e., accessing of sensitive personalinformation through negligence.
HEIS AS PERSONAL INFORMATION CONTROLLER
A personal information controller is aperson or entity that controlsprocessing or instructs another personto carry out processing.
16
STUDENTS AND THEIR PARENTS ENTRUST SCHOOLS WITH THEIR
PERSONAL INFORMATION WITH THE EXPECTATION THAT THIS
INFORMATION WILL BE USED BY THE SCHOOLS
to serve the needs of the students effectively & efficiently and
to perform their function as educational institutions
3 KINDS OF INFORMATION
Personal Information Sensitive Personal Information Privileged Information
17
refers to any information whether recorded in a material form or not, from which theidentity of an individual is apparent or can be reasonably and directly ascertained by theentity holding the information, or when put together with other information woulddirectly and certainly identify an individual.
PERSONAL INFORMATION
CONTACT
NUMBER
ADDRESSNAME
AGE
BIRTHDAY
18
Sensitive personal information
(1) Race, ethnic origin, marital status,age, color, and religious,philosophical or politicalaffiliations;
(2) health, education, genetic orsexual life of a person, or courtproceedings;
(3) Issued by government agenciespeculiar to an individual (socialsecurity numbers, previous orcurrent health records, licenses orits denials, suspension orrevocation, and tax returns) and
(4) established by an executive orderor an act of Congress
BA COMM - 1ST YEAR
Juan Dela Cruz
SPOUSAL
PRIVILEGE
LAWYER-
CLIENT
PRIVILEGE
DOCTOR-
PATIENT
PRIVILEGE
PENITENT -
CLERGY
PRIVILEGE
PUBLIC
OFFICE
PRIVILEGE
21
Privileged information refers to any and all forms of
data which under the Rules of Court and other
pertinent laws constitute privileged communication.
This has limited application to HEIs.
An example of this is information collected by medicine students under clerkship program rotating
in the hospitals as part of completion of the program.
in our schools and the offices in charge:HERE ARE SOME OF THE USUAL INFORMATION PROCESSED IN
OUR SCHOOLS AND THE OFFICES IN CHARGE:
© 2015 YOUR COMPANY OR PROJECT
ADMISSIONS
OFFICE
GUIDANCE OFFICE AND
STUDENT AFFAIRS
OFFICE-
CLOUD COMPUTING
SERVICES/ ONLINE
CLASS
HR
DEPARTMENT:
CAREER
PLACEMENT AND
ALUMNI OFFICE
REGISTRAR
23
REQUIREMENTS
OF THE DPA IN
PROCESSING
INFORMATION
24
TRANSPARENCY
The data subject must be aware of thenature, purpose, and extent of theprocessing of his or her personal data,including the risks and safeguards involved.
LAWFUL
The processing of information
shall be compatible with a
declared and specified purpose
which must not be contrary to
law, morals, or public policy.
PROPORTIONALITY
The processing of informationshall be adequate, relevant,suitable, necessary, and notexcessive in relation to adeclared and specifiedpurpose. 25
General Principles of Data Processing
GENERAL PRINCIPLES GOVERNING COLLECTION,
PROCESSING, AND RETENTION OF PERSONAL INFORMATION
1 3
2
CONSENTIn order for a data subject to give an informed consent as to the collection and processing of his personal data, he must be informed about the extent and purpose of processing.
DATA QUALITYdata must always be accurate or must be rectified in case of inaccuracy.
SAFETY MEASURES
Any authorized further processing shall have adequate safeguards.
Fair and Lawful
Personal data shall be processed fairly and lawfully.
RETENTIONPersonal Data shall not be
retained longer than necessary.
4
5
26
DATA RETENTION
HOW LONG IS THE RETENTION?
Retention of personal data shall only for as long asnecessary:
28
The importance ofincorporating policiesrelated to Data Privacyto our studenthandbooks and facultyand administrativemanuals cannot beoveremphasized..
HEIS’ RELATIONSHIP WITH ITS STUDENTS AND
PERSONNEL IS ESSENTIALLY CONTRACTUAL.
30
31
The contract documents comprise all forms, rulesand regulations, including manuals and handbooks.Handbooks contain everything from the school’sphilosophy, stated purpose, to enumeration ofprohibited actions.
32
Once a school handbook or manual is adopted by the education community, courts do not usually look into the details and circumstances how students and teachers agree on the specific provisions. This is one of the peculiarities of education.
WALANG BASAGAN NG
FIELD TRIP
MANDATORY DRUG TESTINGvs.RANDOM DRUG TESTING
ESTRADA & AQUINO LAW | www.estradaaquino.com
Catholic and Religious schools, the largest component of non-government education in the Philippines.
Legal problems have undergone many changes.
We live in a litigious society.
Complaints against schools are brought into the legal system.
And even the media.
Era where deregulation is a popular mantra.
Salary Increase for Teachers
Any questions?You can reach me at:
email: [email protected]
Mobile: 09998817412
Land line: (02) 534 81 66
www.estradaaquino.com
Facebook: Joseph Noel Estrada
IG: attyerap