With the appointment of all the necessarycompliant officers for privacy comes the issues of data protection policies. Asan example, if the data subject is a student then the concerns of theuniversity as far as the student is concerned would be about his/her a.) AcademicRecords b.) Health issues both mental, physical and psychological c.
) Grades ofstudents d.) Management of student grades etc…. Issues for the procedures forthe collection, use or disclosure, storage and disposal of personal data mustbe taken into consideration under the data protection policies. Further, access management and monitoringsystems should be in-place for the careful observation of data flow andprocess. These and other review procedures in monitoring privacy and securitypolicies should be considered. The Data Protection policies as far as theuniversity is concerned is still to be drafted along with other policies suchas the breach protocol if certaindata within the university is compromised. Who are the people to respond tosuch crisis and thus a data breachresponse team is to be organized.
However, safeguards for the protection ofinformation against accidental, unlawful or unauthorized access or usage mustbe of paramount concern. Thus, methods for encryption, data anonymity, andother methods must be employed and utilized. The physical security measure is also tobe considered in terms of the design of office space and workstations includingthe physical arrangement of furniture and equipment, shall provide privacy toanyone processing personal data, taking into consideration the environment andaccessibility to the office. Records room and workstations should have limitedaccess. Technical security measures should also beimplemented to strengthen data processing. Moreover, employ security policiesand monitoring systems procedures in place, and safeguards like encryption andauthentication in those systems. In terms of incident response, immediatecorrection and mitigation of breach should be the foremost concern and itssystem restoration.
In any case, preparedness in case of data breach must beconsidered. The creation of Data Privacy Manual has been taken into consideration and in it containsall the process and procedures as far as the university is concerned regardingdata privacy and all requirements of the National Privacy Commission.