With the appointment of all the necessary
compliant officers for privacy comes the issues of data protection policies. As
an example, if the data subject is a student then the concerns of the
university as far as the student is concerned would be about his/her a.) Academic
Records b.) Health issues both mental, physical and psychological c.) Grades of
students d.) Management of student grades etc…. Issues for the procedures for
the collection, use or disclosure, storage and disposal of personal data must
be taken into consideration under the data protection policies.
Further, access management and monitoring
systems should be in-place for the careful observation of data flow and
process. These and other review procedures in monitoring privacy and security
policies should be considered.
The Data Protection policies as far as the
university is concerned is still to be drafted along with other policies such
as the breach protocol if certain
data within the university is compromised. Who are the people to respond to
such crisis and thus a data breach
response team is to be organized.
However, safeguards for the protection of
information against accidental, unlawful or unauthorized access or usage must
be of paramount concern. Thus, methods for encryption, data anonymity, and
other methods must be employed and utilized.
The physical security measure is also to
be considered in terms of the design of office space and workstations including
the physical arrangement of furniture and equipment, shall provide privacy to
anyone processing personal data, taking into consideration the environment and
accessibility to the office. Records room and workstations should have limited
Technical security measures should also be
implemented to strengthen data processing. Moreover, employ security policies
and monitoring systems procedures in place, and safeguards like encryption and
authentication in those systems. In terms of incident response, immediate
correction and mitigation of breach should be the foremost concern and its
system restoration. In any case, preparedness in case of data breach must be
The creation of Data Privacy Manual has been taken into consideration and in it contains
all the process and procedures as far as the university is concerned regarding
data privacy and all requirements of the National Privacy Commission.