Privacy Risk & Information Security Management
Central Luzon State University
The CLSU Data Privacy Division is committed to protecting the personal data of students, faculty, staff, and stakeholders. We ensure university compliance with the Data Privacy Act of 2012 through policies, privacy impact assessments, and awareness programs.
To protect personal data and uphold data subject rights through compliance, awareness, and effective privacy practices.
An organization that values trust, security, and integrity in all data-related processes.
In today's digital age, safeguarding personal information is essential. Our office ensures that privacy and security standards are consistently implemented.
We implement robust measures to secure personal information from unauthorized access and misuse.
We support every data subject's rights to access, correction, and lawful deletion where applicable.
We maintain clear communication and policies on how personal data is processed and protected.
Discover how we protect your privacy and support responsible data governance in CLSU.
Comprehensive privacy support services for CLSU units and stakeholders.
This form serves as the official channel for individuals or departments seeking to retrieve specific information held by the university. It ensures that data requests are formal, documented, and evaluated for legitimacy before any information is released.
A foundational tool used to map out the flow of information within an office. It identifies what personal data is being collected, where it is stored (physical or digital), who has access to it, and how long it is retained. This acts as a primary record for maintaining organizational transparency.
A critical risk management document used to evaluate the potential privacy risks associated with a specific project, system, or process. It outlines the measures taken to mitigate those risks and, as per recent updates, typically requires the signatures of the assessor and the Chief of the Data Privacy Division.
This document provides formal proof that sensitive records or hardware have been securely destroyed. It is used to verify that data is no longer retrievable after its retention period has ended, such as after the supervised use of industrial paper shredders.
Used to document any potential or actual security breaches or unauthorized access to personal data. It captures the details of the event, the timeline, the extent of the data involved, and the immediate actions taken to contain the situation.
A legal and professional commitment signed by employees, interns, or third parties. It binds the signatory to protect sensitive university information and personal data they may encounter during their duties, ensuring they do not disclose it to unauthorized individuals.
Find answers to frequently asked questions about privacy, compliance, and data rights.
It is the Philippine law (RA 10173) that protects personal information and regulates data processing.
You may request access, correction, objection, and lawful deletion of personal data where applicable.
Report it immediately to the Data Privacy Office with incident details so proper response can begin.
A PIA identifies privacy risks in systems or processes and recommends controls before deployment.
Have questions about data privacy? We are here to help.
Contact our office for privacy-related concerns.
Prism Bot
Answers from approved PDF protocols and ordinances.
