The Privacy Impact Assessment is a process undertaken and used to evaluate and manage impacts on privacy of a program, project, process, measure, system or technology product of Personal Information Controller or Personal Information Processor. The tool takes into account the nature of the personal data to be protected, the personal data flow, the risks to privacy and security posed by the processes, data practices, the cost of security implementation, and, where applicable, the size of the organization, its resources, and the complexity of its operations.[1]
The objectives of the assessment are: (a) to determine how UP Diliman processes Personal Data; (b) to identify privacy risks; and (c) management of privacy risks.
The UP Diliman’s academic units and administrative offices were tasked to identify Privacy Focal Person (PFP) for each of their units/offices. The PFPs identified by each office were tasked to assess all activities, projects and systems in their respective units/offices that involves processing of personal data under the guidance and supervision of the Data Protection Office.[2]
This PIA Report aims (a) to document the PIA process and the result of privacy analysis, (b) to describe the baseline privacy risks of UP Diliman, and (c) to communicate to UP Diliman Chancellor and the Heads of each Units/Offices the proposed security measures that will address the privacy risks identified. This serves as a basis for implementing privacy changes.
Click here for the PIA Questionnaire FAQs
[1] National Privacy Commission Advisory No. 2017-03 “Guidelines on Privacy Impact Assessments, Definition of Terms.
[2] Office of the Chancellor Memorandum No. MLT-18-022 Unit Information Officers as Data Privacy Focal Person.