Isabela State University is committed to protect the privacy rights of individuals on personal information pursuant to the provisions of Republic Act No. 10173 or the Data Privacy Act of 2012 and its Implementing Rules and Regulations. All employees, students and administration officers are enjoined to comply with and to share in the responsibility to secure and protect personal information collected and processed by Isabela State University in pursuit of legitimate purposes.
- Isabela State University Collects the following Personal Information:
- Personal and Academic Records of the Student
- Baptismal and Birth Certificates
- Academic Reports
- Medical and Guidance Records
- Disciplinary Records
- Alien Certificated for foreign Students
- Individual financial records (i.e. individual tuition fee payments, balances etc.)
- Employment Information
- How it is collected/Mode of Collection
- Printed Form
- Digital Form
- When it is Collected?
Upon the engagement of the following to the Isabela State University
- Why it is collected?
Isabela State University collects and processes the Personal Data for the purpose of the following:
- Primary Purpose As an educational institution, personal information is collected primarily for the educational purposes of the students and employment purposes. This includes monitoring academic activities as well as extracurricular activities of students and monitoring potential and current employees in accordance with civil service law. This also includes information collected for purposes set out in the privacy statements contained in the documents signed by students or employees. Such information is allowed to be processed and used by authorized personnel for such purposes.
- Secondary Purposes Secondary purposes are those which are collateral to the primary purposes and which are necessary to process the information. This include monitoring the current administrative or disciplinary standing (for student and employee discipline), financial condition (for scholarship purposes) or the health and psychological wellness of students and employees (health purposes). Authorized university personnel are allowed to use personal information collected and/or processed for such purposes provided the following circumstances are present:
- the student or employee has consented to the use or disclosure for the secondary purpose; or
- the student or employee would reasonably expect the University through its authorized personnel to use, or process personal information for secondary purpose and that the secondary purposes are directly related to the primary purposes;
- Government-Related Use and Disclosures Personal information is allowed to be used and disclosed to government agencies to satisfy reportorial requirements in line with their constitutionally or legislatively mandated functions pursuant to existing education or labor laws or when the use of pursuant to lawful order of a court or tribunal.
- Security Measures The University shall take reasonable steps to protect the personal information in its possession from misuse, loss or unauthorized access, modification or disclosure. As most of the personal information of students and employees are stored in the University data bases, access to personal information in digital or digitized form by authorized IT personnel is restricted and individually identifiable. An approval process is in place for internal requests (i.e. special requests for authority to view student profile for disciplinary cases, counseling, or health concerns) for access to restricted student or employee records contained in the University information systems. As a general rule only authorized personnel with the necessary approvals may request for access of the information systems of personal information in accordance with the procedure established by ICT Services Unit, and Article VIII (B) of the Data Privacy Manual of Isabela State University. Physical access to the servers and network equipment is highly restricted to authorized personnel only. Various security appliances and devices are employed to safeguard the university network and its systems. 24-hour security is also provided by the University to secure the areas where the University data centers are located. Access to student and employee personal information is limited to authorized personnel of the specific departments collecting or processing the information. Aside from access restriction, the storage facilities for the hard copies of documents containing personal information are also secured (i.e locked) in cabinets or storage facilities. Only authorized personnel can open or have access to keys to the storage facilities. The storage units or facilities are placed in areas which are not usually accessible to the public, safe from physical hazards such as rain, wind and dust, and located in areas which are usually manned by the authorized personnel. Round the clock security is also provided for the entire University including areas where the hard copies of such documents are kept and secured.
- Retention and Destruction of Personal information The University is required to permanently keep the student and employee records including the information contained therein. In line with this, no personal information may be destroyed unless allowed by such laws, and such destruction, if allowed or authorized by law and the University, must be documented in writing by the University. Unauthorized destruction should be reported to the DPO or any member of the Data Response Team pursuant to the procedure stated in the succeeding section.
- Rights of Data Subjects
- Right to be informed
- Right to object
- Right to access
- Right to rectification
- Right to erase
- Inquiries on Data Privacy Issues Data subjects may inquire or request for information from the Data Privacy Response Team, regarding any matter relating to the processing of their personal data under the custody of Isabela State University, including the data privacy and security policies implemented to ensure the protection of their personal data. Address: ISU Data Privacy Protection Office, 2nd Fl Admin Building
Name of DPO: Dr. Joe G. Lagarteja
Phone: (078) 305-9013