Personal data is the collective term used to refer to your personal information, sensitive personal information, and privileged information.

Personal information refers to any information that would reasonably identify you as an individual, or when put together with other information, would directly ascertain or make apparent your identity.

Sensitive personal information includes information:
a) About your race, ethnic origin, marital status, age, color, affiliations (i.e., religious, philosophical or political), health, education, genetic or sexual life;
b) Of any proceeding for any offense committed or allegedly committed, the disposal of such proceedings, or the sentence of any court in such proceedings;
c) Issued by government agencies peculiar to you (e.g., social security numbers, health records, licenses or its denials, suspension or revocation, tax returns, etc.); and
d) Specifically established to be kept classified by an executive order or act of Congress.

Privileged information refers to all data classified under the Rules of Court and other pertinent laws as “privileged communication”. In particular, they refer to:
a) Any communication shared in confidence between husband and wife;
b) Any communication or advice between an attorney and a client;
c) Any advice or treatment given, or any information acquired by a doctor from a patient;
d) Any confession made by a person to a minister or priest, as well as any advice subsequently given to that person;
e) Communication made to a public officer in official confidence.

YES. The Act treats the processing of both kinds of personal information differently. Personal information may be processed in compliance with the requirements of the Act, while the processing of sensitive personal information are, in general, prohibited and is allowed to be processed only under specific cases provided by the Act.

Data subjects refer to individuals whose personal information is processed. The University’s largest category of data subjects includes its students and employees.

Personal information controller (PIC) is any person or organization who controls the processing of personal information. This includes person or organization who instructs or outsources another to do the processing on its behalf. This term excludes a person or organization who does the processing as instructed by another person and organization, or in connection with another’s affairs.

Personal information processor (PIP) is any person or organization whom a PIC may instruct or outsource the processing of personal information.

Under the Data Privacy Act of 2012, you are afforded rights regarding the processing your personal data. These include:
• Right to be informed that your personal data will be or is being processed;
• Right to reasonable access to your personal data being processed by the personal data controller or personal data processor;
• Right to dispute the inaccuracy or error in the personal data;
• Right to request the suspension, withdrawal, blocking, removal or destruction of personal data; and
• Right to complain and be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data.

In this digital era, your personal information, when left unprotected, may be prone to threats of commercial or fraud-oriented actors primarily interested in money like identity thieves and personal data marketers.

The University strives to ensure that your personal data under our custody are protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. Reasonable and appropriate organizational, physical, and technical security measures are put in place to maintain the availability, integrity, and confidentiality of your personal data.

YES. The National Privacy Commission is an independent body created to carry out the provisions of the Act, and to monitor and ensure the country’s compliance with international data protection standards.