Purpose:
This policy aims to ensure the protection, confidentiality, integrity, and proper handling of personal and sensitive personal information processed by the Registrar’s Office. It establishes guidelines to safeguard student academic records and related data in compliance with applicable data privacy laws and institutional standards.
Coverage:
This policy shall cover:
All personal and sensitive personal data handled by the Registrar’s Office
Student records including admission files, enrollment data, grades, permanent records, credentials, and certifications
Physical and electronic records maintained by the Registrar
All Registrar’s Office personnel, authorized school officials, and third-party service providers who may have access to student records
Terms and Definitions:
Personal Data – Any information from which the identity of a student or individual can be reasonably and directly ascertained.
Sensitive Personal Information – Data relating to academic records, disciplinary records, learner reference numbers, and other information protected by law.
Data Subject – The student, parent/guardian, or individual whose personal data is processed.
Processing – Any operation performed on personal data such as collection, recording, storage, retrieval, disclosure, or disposal.
Data Protection Officer (DPO) – The person designated by the school to ensure compliance with data privacy and security regulations.
Reference Material:
Republic Act No. 10173 – Data Privacy Act of 2012
Implementing Rules and Regulations (IRR) of RA 10173
School Policies on Records Management and Information Security
Detailed Guidelines:
1. Collection of Data
The Registrar’s Office shall collect only data that is necessary, relevant, and required for legitimate academic and administrative purposes.
2. Use and Access
Access to student records shall be limited to authorized personnel with legitimate educational interest. Records shall be used solely for official school functions.
3. Disclosure of Information
Disclosure of academic records shall be made only with written consent of the data subject or parent/guardian, or when required by law or lawful order.
4. Storage and Security
4.1 Physical records shall be kept in secured filing cabinets with controlled access.
4.2 Electronic records shall be protected through passwords, access controls, and regular system backups.
5. Retention and Disposal
Records shall be retained in accordance with institutional and legal requirements. Disposal of records shall be done securely through shredding, deletion, or anonymization.
6. Data Breach Management
Any suspected or actual data breach shall be reported immediately to the Data Protection Officer for investigation, mitigation, and proper notification.
Administration: The Data Protection Officer shall administer this policy.