Applicability of Information Governance for Data Privacy Compliance in the Education Sector
De La Salle University
Abstract: In 2012, Republic Act 10173 of the Republic of the Philippines otherwise known as the Data Privacy Act of 2012 was approved and published by the Philippine Congress. The regulations main purpose is to ensure free flow of information while imposing the obligation to secure and protect personal data both in the government and private sector. (Philippine Fifteenth Congress, 2012). Given the complexities of the regulation, academic institutions are having difficulties in complying as stated in (Doce & Ching, 2018). (Lomas, 2010) recommends that ISO 27001 be considered as a framework to follow which was also recommended by the NPC Privacy Toolkit (NPC, 2018) as a certification to aspire for in order to comply with the Data Privacy Act of 2012 thru the implementation of an Information Security Management Systems as it aligns with the various aspects of information management as well as the records management principles in ISO 15489. However, some organizations would be ready to implement frameworks as discussed by (Alqatawna, 2014). In the case of ISO 27001, (Alqatawna, 2014) stated that the although the framework is domain agnostic and only defines requirements allowing the organization to develop its own implementation. The use of open source technology to aide compliance efforts were also previously studied (Lyn De Guzman, 2020) which touches on the need to embed data privacy compliance within the overall structure of governance in an organization. An overall picture is presented based on existing literature of what data privacy compliance entails starting from the regulation to its implementation on an academic institution highlighting the unique characteristics of the domain. The study shows that pivoting on Information Governance as an alternative and wholistic approach that embeds compliance on day-to-day operations in place of the current state of practices to address some of the gaps identified.