Compliance of Higher Education Institutions (HEIs) with the Data Privacy Act of 2012: A case study approach
Format: | text |
---|---|
Language: | English |
Published: | Animo Repository 2022 |
Online Access: | https://animorepository.dlsu.edu.ph/etdd_infotech/7 https://animorepository.dlsu.edu.ph/cgi/viewcontent.cgi?article=1006&context=etdd_infotech |
Institution: | De La Salle University |
Summary: | Republic Act 10173, also known as the Data Privacy Act (DPA) of 2012, was enacted to protect personal data in information systems. Through the National Privacy Commission (NPC), government and private organizations, including higher education institutions (HEIs), were mandated to fully comply on or before March 8, 2018. The NPC lined up several initiatives, including the provision of a compliance manual and other pertinent documents in 2017, that would make compliance simple and easy for organizations. However, even a year after the deadline, only 21.15% of the HEIs nationwide were able to comply with the initial requirement of Data Protection Officer (DPO) registration. It should also be noted that this is only one of the five pillars, or key requirements, to fulfill before an organization can be considered fully compliant. If challenges are encountered in complying with the initial requirement, then even greater challenges may be expected in complying with the other requirements. Apparently, there are significant factors that affect how and why HEIs comply with the DPA of 2012. These are what this study intends to investigate using Compliance Theory, Protection Motivation Theory, and the Socio-economic theory of regulatory compliance, and three HEIs with contrasting compliance cases. The study will be conducted using quantitative and qualitative methods in a multiple case-study design. It also intends to contribute to theory by extending organizational commitment as a determinant of compliance with laws related to the use of Information Technology (IT). The results of this study may serve as a basis for other HEIs that are still in the process of compliance, as well as support government initiatives intended to augment compliance and monitoring efforts. The end goal is to support the government’s policy as stated in RA 10173, “To protect the fundamental human right of privacy of communication while ensuring free flow of information to promote innovation and growth”. |
---|