Vience Banzali

Our professor played this video in class, and it really opened my eyes to the importance of data privacy and security. In the video, a man trying to order a pizza was bombarded with personal details that the pizza company employee knew about him, like his medical records, financial information, and even criminal history. It was scary to see how much private data the company had access to without the man's consent.

As I watched, I realized how easy it is for organizations to mishandle and misuse people's personal information if they don't have proper safeguards in place. The video showed that the pizza company's system was connected to all sorts of databases containing sensitive details about the customer, which is a big no-no when it comes to data privacy and security.

It made me understand that companies need to be very careful about how they collect, store, and use people's private information. They should only have access to the data they really need and nothing more. They also need to have strong security measures to prevent unauthorized access or data breaches.

The video was a wake-up call for me to be more aware of how my personal information is being handled by different organizations. It's not something we usually think about, but it's so important to protect our privacy and keep our sensitive data secure.

As I reflect on the insightful discussion about data privacy and security in class, I find myself realizing the profound importance of safeguarding information in our digital age. The concept of ISO 9001:2015 introducing risk assessment struck me as a proactive approach to identifying potential threats to our data. This risk-aware mindset sets the stage for a more comprehensive understanding of the need to protect our sensitive information. In addition, understanding that Privacy Impact Assessment helps us anticipate the impacts of a data breach made me see the need for a comprehensive privacy management program, which was notably emphasized in our privacy manual. The interconnectedness of these concepts became evident, emphasizing the need for a holistic strategy rather than isolated measures to ensure the security and privacy of our data.

We have also discussed the five (5) pillars of compliance mandated by the National Privacy Commission. The discussion about exercising what's written in the manual being the fourth pillar resonated with me. It's not just about having guidelines on paper but actively putting them into practice. This practical aspect adds a layer of responsibility, highlighting the bridge between theoretical knowledge and real-world application in maintaining data privacy and security. Moreover, the scenario painted in case of a data breach, where the National Privacy Commission (NPC) evaluates adherence to the five data privacy guidelines, highlighted the real-world consequences of our actions in handling sensitive information. This connection between our theoretical learning and the potential scrutiny from regulatory bodies underscores the gravity of maintaining a robust data protection framework.

As a result of the adherence to the five (5) pillars of compliance as well as data privacy guidelines, our professor scrutinized the university’s compliance. The detailed discussion on the university's compliance with the framework, the absence of a record for Privacy Impact Assessment, and the existence of a data privacy manual created by our instructor highlighted the practical applications of the concepts discussed. This connection to our specific institutional context emphasized the relevance of our learning to our immediate environment, making the theoretical concepts actionable in our educational setting.

On the other side, the discussion on data retention, archiving, and securing archives being one of the data privacy cycles made me appreciate the intricate steps taken to preserve our records. The importance of secure archives as a protective measure against potential loss is tied back to our overarching theme of safeguarding data across its entire lifecycle. The mention of consequences for failing to adhere to the data privacy cycle served as a reminder that every action carries weight. This connection to consequences brought a sense of accountability, reinforcing the idea that our individual and collective efforts contribute to the overall data protection framework.

In our digital world today, data has become very valuable – it can empower us but also make us vulnerable in new ways. A recent worrying report showed that 1 out of 3 Filipinos have been hacked through infected thumb drives. Just this week, my professor warned our class about such threats, though many of us are probably casual about cyber safety at times. He also discussed the recent issue involving actor Dominic Roque and Mayor Bullet Jalosjos. Private details in Mayor Jalosjos' SALN were leaked on purpose to spread false information about a condo he owned. This example shows how personal information can easily be used to harm us if mishandled.

Data is power. As the most valuable resource today, it drives entire industries and nations, surpassing even oil. Little wonder data science has become the hottest field, unlocking value from the masses of information we generate daily, often without realizing it. But my professor’s recent experience showed the data’s dark side. Confidential student details were accidentally shared via a PDF, violating privacy. This “slap” woke me up - while data enables convenience, we must handle it thoughtfully, not becoming complicit in misuse.

Laws like the Data Privacy Act of 2012 now secure Philippine data rights, upholding key principles around transparency, limited use, proportional collection, accountability, and confidentiality for handling private information. Higher education institutions in particular need more awareness, as a study by my professor revealed. Within schools, data protection officers are appointed to ensure compliance, while the National Privacy Commission oversees implementation countrywide.

Yet laws can only do so much. As a “data subject”, I realized that data dignity starts with me. Even basic identification numbers open doors to identity theft if not protected. Cyber hygiene matters - avoiding shady thumb drives, reading terms carefully, and practicing discretion when sharing information even with apps and sites. We can self-regulate by being informed, resisting oversharing, and speaking up on data policies rather than blindly complying.

During our second day of class, our professor recapped the previous topic and shared insights from an accreditation video webinar. He highlighted a Google Form used by the National Service Training Program (NSTP) that included a data privacy consent section, which was a commendable practice. However, as we delved deeper into the form's content, it became apparent that there were instances of oversharing of personal information.

The NSTP enrollment form first asked for the student's name and USEP ID, followed by a request for a Certificate of Registration (COR). Our professor rightfully pointed out that since the COR already contains the student's name and USEP ID, there was no need to ask for this information separately. This redundancy raised concerns about the unnecessary collection and potential misuse of personal data.

To further illustrate the importance of data privacy and security, our professor shared a personal experience. During the freshmen convocation, his photograph was edited, altered, and modified, creating an image that did not accurately represent him. He felt disrespected by this incident, but instead of taking legal action, he chose to use it as an opportunity to educate others about the responsible handling of personal information.

Our professor also posed a thought-provoking question: "How do businesses gain money if they offer significant discounts, such as 50% off during Christmas sales or Cebu Pacific's famous piso fair?" His answer highlighted the concept of markup pricing, where businesses set their prices at a 125% markup over their costs, allowing them to profit even when offering substantial discounts.

This discussion led to an even more profound question: "What is more valuable, data or money?" Our professor emphasized that data holds immense value because if someone steals your money, they only gain what was taken. However, if someone steals your personal data, they gain access to much more, potentially enabling them to steal your money and other possessions as well.

Reflecting on these lessons, I am reminded of the importance of responsible data handling and the need for individuals and institutions to prioritize data privacy and security. By implementing robust consent practices, minimizing the collection of unnecessary personal information, and educating stakeholders about the value of data, we can create a safer and more trusted environment for everyone.

During a recent activity focused on data privacy and security in USEP's enrollment process, our class identified several concerning issues that require attention. As we delved into the topic, I couldn't help but reflect on the significance of safeguarding sensitive information and the potential consequences of lapses in data protection.

One issue that stood out was the College of Education's practice of storing student records in a shared Google Drive. While the intention may have been to facilitate access and collaboration, this approach raises significant privacy concerns. If the link to this drive were to fall into the wrong hands, it could lead to a catastrophic data breach, exposing the personal information of countless students.

Another practice that caught my attention was the public posting of room assignments by the College of Information and Computing. By displaying this information openly, the college inadvertently revealed the schedules and attendance patterns of its students. Such exposure could potentially make them vulnerable to harm or exploitation by malicious individuals.

During our discussions, we also learned about instances of data inaccuracy within the enrollment system. One of my classmates narrowly avoided being marked as an irregular student due to a system error. This experience highlighted the need for improved data integrity and quality control measures to ensure that such errors do not compromise a student's academic standing or progress.

The tracking feature within the enrollment system, which relies solely on student IDs without additional verification, also raised concerns about identity theft. If an unauthorized individual were to gain access to a student's ID, they could potentially impersonate that student and compromise their data, causing immense damage.

Furthermore, the practice of sharing student records through a shared Google Drive increases the risk of a data breach. If a malicious actor were to gain access to the drive, they could leak sensitive information about numerous students, violating their privacy and potentially causing harm.

Our professor's example of taking our picture during the activity without prior consent also struck a chord with me. As he rightly pointed out, capturing and using an individual's image without permission could violate data privacy laws and erode trust in the institution.

As we explored these issues, our professor shared insights from his experiences as a former Data Privacy Officer and Systems and Data Management Division (SDMD) Director. He and Sir Bong had created the security manual, which should serve as a valuable resource for addressing these concerns and establishing best practices for data handling and storage.

Our professor's time and motion study during his tenure as SDMD Director, when enrollment was conducted face-to-face, revealed an average enrollment time of 3.4 hours. This insight made me wonder about the potential for efficiency improvements in the current online system, particularly if data privacy and security concerns were adequately addressed.

On the first day of school, our professor asked us about the things we had heard about him. Some of my classmates described him as a "tiger," "strict," and "terror." However, he clarified and verified some of these perceptions. He said that he was not just strict but "very strict." During this first encounter, I appreciated his sense of humor. We seemed to share a similar sense of humor, and I thought his class would be anything but boring.

After this initial exchange, we discussed the University's mission, vision, and goals. The professor emphasized how crucial it is for students to understand and embody these core principles to contribute to the growth and development of the university community. By practicing these values daily, students can help the university achieve its goals and move closer to realizing its mission. One statement he made that stuck with me was that every aspect of the university's values, purpose, and future revolves around its central mission.

Reflecting on the mission, vision, and goals of our university, I can see how important it is for all students to internalize and implement these principles in their daily lives. The mission statement highlights the university's commitment to inclusive growth, sustainable development, innovation in academic programs, impactful research, economically empowering community service, and sustainable resource management. By embracing these values, we as students can contribute to the university's efforts to transform communities, not just within the ASEAN region but beyond.

The university's vision of becoming a premier research university that transforms communities aligns with its goals of internationalizing programs and services, fostering an environment that nurtures innovation and research, producing proactive, globally competitive, and service-oriented graduates, and transforming vulnerable and disadvantaged groups and communities. Additionally, the goal of mobilizing and optimizing resources for sustainable development underscores the university's commitment to responsible stewardship.