1. General Provisions:
- In compliance with RA 10173 or the Data Privacy Act of 2012, ҹɫÊÓƵ has appointed a Data Protection Officer (DPO) who shall serve as the focal person who can ensure that the users’ right to privacy is observed. All unit heads serve as Compliance Officers for Privacy (COP) and they uphold the implementation of this Privacy Policy (DPO-PO-001).
- ҹɫÊÓƵ’s information systems, including email and Internet access, shall be used for university purposes only. The use of the university’s information systems for the intention of distributing materials and/or software in violation of copyright shall not be permitted.
2. Privacy Provisions
- The information systems (including but not limited to this website, school information systems, etc.)Â of the university are expected to function properly and the users can expect the files and data he/she generates to be private information.
- All users should be aware that no information systems are completely secure, hence the university shall make no guarantee regarding the availability of data and refuses any liability in the event of data loss.
- The university shall exercise practical measures to prevent loss of data and to attempt data restoration when applicable.
3. Access to user data
- All users shall only access the data provided to them by their specific user access levels.
- If by any means the users were able to access the data that are not intended for them, they shall report it to the concerned office immediately.
- Only authorized personnel shall have access to sensitive data as approved by the Office of the President through the Data Protection Officer.
4. Data/Log Retention Policy
- Electronic data logs shall be retained for 90 days after their first creation.
- Electronic data logs shall be considered confidential.
- the MIS/ITRC shall take active measures to prevent unauthorized access of electronic data logs during the retention period.
- The use of any such retained information by authorized staff, and the release of any log information to third parties, shall be done under the direction and with the approval of the Office of the President through the MIS/ITRC Director.
- Failure to comply with this provision shall be subjected to disciplinary action, up to and including termination of employment.
5. Information System Misuse
- All ҹɫÊÓƵ’s information systems should not be used in a way that may constitute threatening, freighting intimidating or unpleasant material on the basis of religion, nationality, sex, disability, etc.
- The university shall take practical steps to safeguard that its information systems are free of computer viruses, worms or other malicious programs.
- Tools for scanning and disinfecting disks shall be provided by the MIS/ITRC office for all university-owned computers.
- The University shall not be responsible for damage to personally owned computers or the loss of data due to viruses, worms or other malicious obtained through the University’s information system.
- Unauthorized use of software or other copyrighted material shall be strictly prohibited and illegal, and could result in legal action.
- Making copies of software having a restricted use license shall be considered a violation of copyright and is prohibited.
- If the MIS/ITRC department finds such software installed on the University information system, it will be removed promptly.
- Installation of university-licensed software on a personally owned computer is illegal unless permitted by the software license.
- Installation of non-university licensed software on university computers is permitted only with the prior consent of the MIS/ITRC office.
- Abuse or misuse of the information systems, including without limitation to e-mail and Internet, in any way, whether or not expressively set forth above, which would result in the detriment to the information systems, or which would in any way reveal or disclose nonpublic information, data, or materials of the University without express authorization, is strictly prohibited.
6. Policy Violations
- Abuse of the University’s information systems, through extreme personal use, or use in violation of law or university policies, will result in disciplinary action, up to and including termination of employment and/or enrollment.
- All persons to whom these guidelines are applicable, as stated above, are responsible for adhering to these rules. All decision-making personnel are responsible for ensuring that these policies are adhered to within their respective areas of responsibility.
Employees and students can read the comprehensive guide to Data Privacy in the ҹɫÊÓƵ Data Privacy Manual (DPO-MAN-001)