Office of the Secretary-General
Process, Pathway of Approval, and Requirements for Requested Personal Data for Data-gathering Purposes
In compliance with the Data Privacy Act of 2012, the University, through its Data Protection Officer (DPO) and heads of academic, research, and administrative offices as Compliance Officer for Privacy (COP), reiterates the need to protect the personal data of our data subjects (i.e., applicants, students, academic staff, support staff, and alumni).
In relation to a request for the use of personal data needed for the online deployment of data-gathering tools for research (i.e., thesis/dissertation/commissioned research) by internal or external proponents, the final approval of the DPO requires the following:
a) The clearance from an accredited UST Ethics Review Committee;
b) The review and endorsement of the Office of the Vice-Rector for Research and Innovation; and
c) The approval of the concerned COPs.
For your reference, Please see the table below for the process, pathway, and requirements for the approval by the COPs.
PROCESS, PATHWAYS, AND REQUIREMENTS
for the approval of a request for personal data needed for the online deployment of data-gathering tools for a thesis, dissertation, or commisioned research:
AU – Academic Unit
COP – Compliance Officer for Privacy
DPO – Data Privacy Officer
ERC – Ethics Review Committee
MOA – Memorandum of Agreement
NDA – Non-disclosure Agreement
OVRRI – Office of the Vice-Rector
for Research and Innovation
UST – University of Santo Tomas
- The Compliance Officer for Privacy (COP) for Academic Unit level data is the head of the Academic Unit while the COP for University level data is the head of the concerned University unit.
- The Memorandum of Agreement (MOA) must stipulate the responsibility of the researchers in terms of the different phases of the data life cycle.
3. Whether the study requires sharing of personal data to an external party or not, the approval to the next step depends on the favorable review of the Ethics Review Committee.
4. The Non-disclosure Agreement (NDA) must stipulate the extent of responsibility of the researchers and collaborators in terms of the data life cycle, particularly on disclosure/data sharing.
5. The Memorandum of Agreement (MOA) must stipulate the responsibility of the researchers in terms of the different phases of the data life cycle.