DATA PRIVACY ACT OF 2012

IN HIGHER EDUCATION INSTITUTIONS

by Estrada & Aquino Law

He who holds the information, holds the power

3

The State through the Data Privacy Act provides the safeguards

to privacy of information of individuals in school environment

DATA PROTECTION

STUDENTS EDUCATORS SCHOOL

PERSONNEL

!

5

Is there a “Right to Privacy” in the 1987 Constitution?

expressly provide for Right to Privacy?

NO!

The right to privacy is implicit in the Bill of Rights under

the 1987 Constitution. While “right to privacy” is not stated

as one of the fundamental rights, it can be inferred from

several provisions of the Constitution.

7

There are 3 strands to the right to privacy

according to Justice Puno, these are:

1) Locational/Situational;

2) Informational; and

3) Decisional.

Relevant to DPA is the right to

informational privacy, or the right of

individuals to control information about

themselves.8

RIGHTS OF DATA SUBJECT

RIGHT TO BE

INFORMED

RIGHT TO

ERASURE

RIGHT TO

DAMAGES

RIGHT TO

ACCESS

RIGHT TO FILE

COMPLAINT

RIGHT TO

OBJECT

9

RIGHT TO

RECTIFY

RIGHT TO

DATA

PORTABILITY

ACADEMIC FREEDOM

While privacy rights are enjoyedby students and teachers like all citizens,

it should be harmonized and limited by the HEIs’ exercise of its

constitutionally guaranteed academic freedom.

10

HEIs relationships are essentially governed by contracts. 11

HOW DOES DATA PRIVACY AFFECT SCHOOLS?

12

ABC University has a bad practice of

storing its student records. One day,

papers were blowing around in the

wind beside a garbage container. A

student, seeing the papers, grabbed

some out of curiosity.

The Student read information about

Joseph, a 5th grade student, relating

to his special needs assessment, his

IQ score, psychological assessment

score, behavioral information, and

family history.

13

THIS STUDENT AND HIS FRIENDS AFTER MAKING FUN

OF JOSEPH’S MENTAL DEFICIENCY PASSED IT TO

ANOTHER STUDENT (AND SO ON AND SO FORTH).

WITHIN A WEEK, JOSEPH BECAME SUBJECT OF

TAUNTS IN SCHOOL; HE WAS CALLED “DUMB” AND

“RETARD”. BECAUSE OF ABC UNIVERSITY’S POOR

DATA SECURITY PRACTICES, IT LED TO THE DIRECT

HARM OF ONE OF ITS STUDENTS.

14

As a matter of fact, this story happened in reallife in the US. Joseph’s story tells us the needto secure student data and the legalimplications of failing to do so. ApplyingJoseph’s case in our jurisdiction, it is likely forJoseph to have a cause of action under DPA,i.e., accessing of sensitive personalinformation through negligence.

HEIS AS PERSONAL INFORMATION CONTROLLER

A personal information controller is aperson or entity that controlsprocessing or instructs another personto carry out processing.

16

STUDENTS AND THEIR PARENTS ENTRUST SCHOOLS WITH THEIR

PERSONAL INFORMATION WITH THE EXPECTATION THAT THIS

INFORMATION WILL BE USED BY THE SCHOOLS

to serve the needs of the students effectively & efficiently and

to perform their function as educational institutions

3 KINDS OF INFORMATION

Personal Information Sensitive Personal Information Privileged Information

17

refers to any information whether recorded in a material form or not, from which theidentity of an individual is apparent or can be reasonably and directly ascertained by theentity holding the information, or when put together with other information woulddirectly and certainly identify an individual.

PERSONAL INFORMATION

CONTACT

NUMBER

ADDRESSNAME

AGE

BIRTHDAY

18

Sensitive personal information

(1) Race, ethnic origin, marital status,age, color, and religious,philosophical or politicalaffiliations;

(2) health, education, genetic orsexual life of a person, or courtproceedings;

(3) Issued by government agenciespeculiar to an individual (socialsecurity numbers, previous orcurrent health records, licenses orits denials, suspension orrevocation, and tax returns) and

(4) established by an executive orderor an act of Congress

BA COMM - 1ST YEAR

Juan Dela Cruz

SPOUSAL

PRIVILEGE

LAWYER-

CLIENT

PRIVILEGE

DOCTOR-

PATIENT

PRIVILEGE

PENITENT -

CLERGY

PRIVILEGE

PUBLIC

OFFICE

PRIVILEGE

21

Privileged information refers to any and all forms of

data which under the Rules of Court and other

pertinent laws constitute privileged communication.

This has limited application to HEIs.

An example of this is information collected by medicine students under clerkship program rotating

in the hospitals as part of completion of the program.

in our schools and the offices in charge:HERE ARE SOME OF THE USUAL INFORMATION PROCESSED IN

OUR SCHOOLS AND THE OFFICES IN CHARGE:

© 2015 YOUR COMPANY OR PROJECT

ADMISSIONS

OFFICE

GUIDANCE OFFICE AND

STUDENT AFFAIRS

OFFICE-

CLOUD COMPUTING

SERVICES/ ONLINE

CLASS

HR

DEPARTMENT:

CAREER

PLACEMENT AND

ALUMNI OFFICE

REGISTRAR

23

REQUIREMENTS

OF THE DPA IN

PROCESSING

INFORMATION

24

TRANSPARENCY

The data subject must be aware of thenature, purpose, and extent of theprocessing of his or her personal data,including the risks and safeguards involved.

LAWFUL

The processing of information

shall be compatible with a

declared and specified purpose

which must not be contrary to

law, morals, or public policy.

PROPORTIONALITY

The processing of informationshall be adequate, relevant,suitable, necessary, and notexcessive in relation to adeclared and specifiedpurpose. 25

General Principles of Data Processing

GENERAL PRINCIPLES GOVERNING COLLECTION,

PROCESSING, AND RETENTION OF PERSONAL INFORMATION

1 3

2

CONSENTIn order for a data subject to give an informed consent as to the collection and processing of his personal data, he must be informed about the extent and purpose of processing.

DATA QUALITYdata must always be accurate or must be rectified in case of inaccuracy.

SAFETY MEASURES

Any authorized further processing shall have adequate safeguards.

Fair and Lawful

Personal data shall be processed fairly and lawfully.

RETENTIONPersonal Data shall not be

retained longer than necessary.

4

5

26

DATA RETENTION

HOW LONG IS THE RETENTION?

Retention of personal data shall only for as long asnecessary:

28

The importance ofincorporating policiesrelated to Data Privacyto our studenthandbooks and facultyand administrativemanuals cannot beoveremphasized..

HEIS’ RELATIONSHIP WITH ITS STUDENTS AND

PERSONNEL IS ESSENTIALLY CONTRACTUAL.

30

31

The contract documents comprise all forms, rulesand regulations, including manuals and handbooks.Handbooks contain everything from the school’sphilosophy, stated purpose, to enumeration ofprohibited actions.

32

Once a school handbook or manual is adopted by the education community, courts do not usually look into the details and circumstances how students and teachers agree on the specific provisions. This is one of the peculiarities of education.

WALANG BASAGAN NG

FIELD TRIP

MANDATORY DRUG TESTINGvs.RANDOM DRUG TESTING

ESTRADA & AQUINO LAW | www.estradaaquino.com

Catholic and Religious schools, the largest component of non-government education in the Philippines.

Legal problems have undergone many changes.

We live in a litigious society.

Complaints against schools are brought into the legal system.

And even the media.

Era where deregulation is a popular mantra.

Salary Increase for Teachers

Any questions?You can reach me at:

email: jnme@estradaaquino.com

Mobile: 09998817412

Land line: (02) 534 81 66

www.estradaaquino.com

Facebook: Joseph Noel Estrada

IG: attyerap