To comply with Republic Act 10173 otherwise known as the Data Privacy Act of 2012, the Commission on Higher Education (CHED) conducted an organizational meeting on February 2, 2017 at the CHED Auditorium, Quezon City.
Through the National Privacy Commission (NPC), the CHED Central and its National Capital Region (NCR), CALABARZON and MIMAROPA Regional Offices were guided on the objectives and requirements of the Data Privacy Law.
NPC Chief of the Compliance and Monitoring Division Dr. Rolando R. Lansigan, apart from the structures of the law, discussed NPC’s assessment of how CHED handles sensitive and high volume of personal information (i.e. personal records of students, faculty members, employees and other stakeholders, physical or digitized in nature).
Dr. Lansigan also emphasized NPC’s “5 Commandments” for data privacy compliance. These include appointing a Data Protection Officer (DPO), conducting a Privacy Impact Assessment, creating a Privacy Management Program, implementing privacy and data protection measures, and performing Breach Reporting Procedure.
CHED-Office of Planning, Research and Knowledge Management Director III Dr. Maria Teresita M. Semana, who presided the organizational meeting on behalf of CHED Deputy Executive Director Napoleon B. Imperial, explained how the Commission’s Data Privacy Guidelines will be harmonized with the Freedom of Information Law as well as the development of the government-wide Medium-term Information & Communications Technology Harmonization Initiative-Higher Education (MITHI-HE) information systems. She also stressed that these are very crucial and must go hand-in-hand with the existing CHED Information and Communications Technology (ICT) Resources Policy and Guidelines (CIRPAG).
CHED’s next step will be the creation of Data Privacy Committee and establishment of Privacy Management Program. These will be discussed in an orientation-workshop on CHED Data Privacy Guidelines set to happen on the first week of April 2017.