In compliance with the Data Privacy Act of 2012, the University, through its Data Protection Officer (DPO) and heads of academic, research, and administrative offices as Compliance Officer for Privacy (COP), reiterates the need to protect the personal data of our data subjects (i.e., applicants, students, academic staff, support staff, and alumni).Â
In relation to a request for the use of personal data needed for the online deployment of data-gathering tools for research (i.e., thesis/dissertation/commissioned research) by internal or external proponents, the final approval of the DPO requires the following:Â
a) The clearance from an accredited UST Ethics Review Committee;Â
b) The review and endorsement of the Office of the Vice-Rector for Research and Innovation; andÂ
c) The approval of the concerned COPs.Â
For your reference, Please see the table below for the process, pathway, and requirements for the approval by the COPs.
Thank you.Â
 PROCESS, PATHWAYS, AND REQUIREMENTSÂ
for the approval of a request for personal data needed for the online deployment of data-gathering tools for a thesis, dissertation, or commisioned research:Â
 Legend:Â
AU – Academic UnitÂ
COP – Compliance Officer for PrivacyÂ
DPO – Data Privacy OfficerÂ
ERC – Ethics Review CommitteeÂ
 MOA – Memorandum of AgreementÂ
NDA – Non-disclosure AgreementÂ
OVRRI – Office of the Vice-RectorÂ
for Research and InnovationÂ
UST – University of Santo TomasÂ
3. Whether the study requires sharing of personal data to an external party or not, the approval to the next step depends on the favorable review of the Ethics Review Committee.Â
4. The Non-disclosure Agreement (NDA) must stipulate the extent of responsibility of the researchers and collaborators in terms of the data life cycle, particularly on disclosure/data sharing.Â
5. The Memorandum of Agreement (MOA) must stipulate the responsibility of the researchers in terms of the different phases of the data life cycle. Â