Tuguegarao City – The Commission on Higher Education Regional Office 2 (CHEDRO2) held an orientation on the conduct of Privacy Impact Assessments (PIAs) for higher education institutions (HEIs) last June 25 at the University of Saint Louis (USL).
It was the second part of the series of orientations CHEDRO2 has conducted to assist HEIs in the Cagayan Valley Region in their compliance to Republic Act No. 10173 or the Data Privacy Act of 2012.
Attended by registrars, data protection officers and personal information controllers of state universities and colleges and private HEIs in the region, the event stressed the value of and how to handle data gathered from stakeholders of HEIs.
Mr. Don R. de la Cruz, Education Supervisor II of the CHEDRO2, served as the speaker giving the guidelines on Privacy Impact Assessment and guiding the participants on how to conduct such an assessment.
He discussed the following, among other topics: data privacy principles, baseline data, legal obligations, control framework, gaps and risks in data processing, measures to address risks, stakeholder engagement, personal data flows, and privacy impact analysis.
A Privacy Impact Assessment (PIA) is a “structured approach for organizations to understand the privacy risks associated with the processing of personal data and take appropriate steps to manage those risks.”
With the enormous data gathered from stakeholders, privacy is a concern both for stakeholders and HEIs. To further the implementation of R.A. 10173, the assessment is conducted to ensure confidence that privacy issues are addressed.
“The practice of conducting PIAs is an important contribution to general risk management within an organization,” Mr. de la Cruz noted.
The assessment, which requires preparatory activities, conduct of the PIA, and reporting or publication of results, is deemed to be conducted by an HEI if the assessment has never been conducted for any of the HEI’s data processing systems and whenever there are new programs, projects, activities, and processes that require collection of personal information from data subjects.
“The initiative of the CHEDRO2 to orient HEIs in the region on the conduct of Data Privacy Impact Assessment is commendable as this will move all HEIs to be serious and vigilant in their implementation of the Data Privacy Act,” said Mrs. Luisa Aquino, USL Data Privacy Officer and concurrently the Institutional Development and Quality Assurance and Communications Officer.
“The University of Saint Louis is already compliant to the two of the five pillars of compliance to the Data Privacy Act since there is already a designated Data Protection Officer and a Data Privacy Manual albeit still for further review and improvement. The conduct of the Data Privacy Impact Assessment will be an additional compliance to the five pillars,” Mrs. Aquino added.