Professional Documents
Culture Documents
CCS113 EISP Grp4
CCS113 EISP Grp4
Personal information is provided (as appropriate) in accordance with this Privacy Policy and with the user’s consent in
a separate, formal statement:
● To other organizations to which the data must be sent in order to achieve the processing goals.
The information should be preserved and stored in accordance with the purpose for which it was processed if it is
essential to keep the data for a specific amount of time due to legal requirements. In an independent formal declaration
that is signed by the user and is specific to the processing goal, the duration of retention for personal data is stated.
Need for Information Security
Department of IT Units and IT Resources Owners - Implement and oversee adherence to this standard, as
well as any pertinent policies, standards, and best practices, for IT resources in their charge. To safeguard IT
resources, if necessary, establish additional policies, processes, or other requirements that go beyond this
standard.
IT Security and Policy Identity and Access Management - Provide departments and academic units with
identity, authentication, and authorization services.
Data Users - Those who access personal data to carry out their given tasks. Data Users are accountable for
maintaining the security of their access rights, using personal data they have access to in accordance with the
risk level assigned to it, and adhering to IT standards.
Reference
Republic Act 10173 - Data Privacy Act of 2012
https://www.privacy.gov.ph/data-privacy-act/
Data Protection and Privacy Laws
https://id4d.worldbank.org/guide/data-protection-and-privacy-laws
Privacy Design Guidelines for Mobile Application Development
https://www.gsma.com/publicpolicy/wp-content/uploads/2018/02/GSMA-Privacy-Desig
n-Guidelines-for-Mobile-Application-Development.pdf