UNIVERSITY OF THE PHILIPPINES DILIMAN
MESSAGE AND COMMUNICATION POLICY
I. Scope
This Policy governs the creation, sending, transmittal, receipt, access, use, processing, and storage of documents, instruments, files and data in any form or medium containing personal or confidential information (the “Private Information“) directly or indirectly by, originating from, pertaining to, under the possession of, owned by, or related to the University of the Philippines System, including the University of the Philippines Diliman, and their respective units, personnel and representatives (the “University”).
II. Personal and Confidential Information
Information is “personal” when it is defined by the Data Privacy Act of 2012 as personal information, sensitive personal information, or privileged information. This includes all information which can singly or cumulatively identify, discriminate, or damage officials, staff, faculty, Research, Extension and Professional Staff (REPS), students, parents, alumni, representatives, and other individuals related to the University of the Philippines.
Information is “confidential” when it is generally non-public data or information by, originating from, pertaining to, under the possession of, owned by, or related to the University of the Philippines Diliman, the University of the Philippines System, UP Constituent Universities, and their respective colleges, offices, units, instrumentalities, and their respective officers, employees, agents and representatives. This includes any part in any stage of research work, including processed or unprocessed data forming part of, related to, or arising from to such research work.
“Messages and communications” are printed and electronic correspondences, regardless of the sender and recipient.
III. Protection of Private Information
Private Information contained in or referenced by messages and communications are strictly confidential and exclusively for the intended recipient/s only.
All individuals, entities and parties accessing, possessing, or using the Private Information shall implement organizational, physical, and technical security measures for the privacy and protection of the Private Information as appropriate under the circumstances which shall not fall below regulatory and industry standards.
IV. Correspondences
No part of messages and communications containing or referencing Private Information may be reproduced, transmitted, or exhibited in any form or manner without the concurrent express written consents of the sender and the University. The consent of the University is not a substitute to the consents of the data subject, intellectual property owner, or the original source of the Information. Creation, access to, or receipt of messages and communications from the University subjects the person, entity or party to this Policy and relevant data privacy regulations.
Official printed and electronic messages and communications containing or referencing Private Information are required to state a privacy and confidentiality notice which shall substantially contain the matters in the following suggested notice:
Privacy and Confidentiality
This message, its thread, and any attachments are privileged and confidential. No part of this message may be reproduced or exhibited in any form or manner without the consents of the sender and the University of the Philippines Diliman. In case of wrongful receipt of or unauthorized access to this message, please immediately inform the sender and permanently delete all wrongfully received copies. Your access to this message subjects you to the UP Diliman Message and Communication Policy and relevant data privacy regulations.
This suggested notice may be revised or added to in accordance with the context of each correspondence.
All electronic and hard copies of messages and communications containing or referencing Private Information which are wrongfully received or accessed without authority should be (1) permanently deleted and disposed of. The University and the sender of the Private Information wrongfully received or accessed without authority should immediately be informed.
The University shall not be liable for claims, losses, damages, charges, and expenses directly or indirectly arising from or related to any part of the Information and its access, use, or processing.
In case of doubt, it should be presumed that the privacy and confidentiality of data and information should be kept private and protected.