The University of the Philippines Diliman (UP Diliman) is dedicated to safeguarding personal information through its robust Security Incident Management Policy. This policy outlines the procedures for handling security incidents and personal data breaches in compliance with the Data Privacy Act of 2012.
The policy aims to establish effective response teams and procedures for addressing security incidents within UP Diliman’s academic units and administrative offices.
Clear definitions are provided for essential terms, ensuring a common understanding across the university community.
The policy establishes a Constituent University-level Breach Response Team (Diliman-Level BRT) and Unit-Level BRTs, ensuring a coordinated and multidisciplinary approach to incident response.
The policy emphasizes the responsibility of each unit to monitor, mitigate, and respond to privacy concerns, aligning with the UP Diliman Acceptable Use Policy and incorporating measures for data protection.
An eight-step incident response procedure is outlined, emphasizing a clear reporting mechanism and timely communication with the UP Diliman Data Protection Officer and relevant Privacy Focal Persons. Guidance on breach notification to the National Privacy Commission (NPC) and affected data subjects is provided.
The Mitigation Response Plan focuses on containment, recovery, feedback, and learning, emphasizing prompt resolution, communication with affected parties, and comprehensive analysis for continuous improvement.
UP Diliman’s Security Incident Management Policy reflects a proactive approach to data protection, ensuring a secure information environment for its community. Clear procedures, defined responsibilities, and continuous improvement efforts contribute to a resilient and effective incident response system.