Central Mindanao University (CMU) remains steadfast in protecting the personal data of students, employees, and stakeholders. Guided by Republic Act No. 10173, or the Data Privacy Act of 2012, this document outlines how the University collects, uses, and safeguards personal and sensitive information across its academic, administrative, research, extension, and production functions.
CMU collects personal data strictly for lawful and legitimate purposes aligned with its institutional mandate. All data practices are governed by the privacy principles of Transparency, Legitimate Purpose, and Proportionality, ensuring that data is processed fairly and only to the extent necessary.
Objective: To manage academic records, monitor student progress, and deliver educational services.
Data Examples: Name, student ID, class schedules, academic grades, attendance records
“The processing is necessary for the fulfillment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract.”
— RA 10173, Sec. 12(b)
Objective: To administer student services, employee records, payroll, and institutional finances.
Data Examples:
“The processing of personal information shall be allowed... and adherence to the principles of transparency, legitimate purpose and proportionality.”
— RA 10173, Sec. 11
Objective: To support evidence-based policies and academic inquiries through ethical and privacy-aware data gathering.
Data Examples: Survey responses, demographic information, participant identifiers
“The processing of personal information shall be allowed... and adherence to the principles of transparency, legitimate purpose and proportionality.”
— RA 10173, Sec. 11
Objective: To evaluate and enhance programs that serve partner communities.
Data Examples: Participant feedback, contact info, demographic data
“Processing of personal information is allowed when necessary for the fulfillment of functions of public authority or for the legitimate interests of the organization...”
— RA 10173, Sec. 12
Objective: To manage internal services such as facility usage, supply procurement, and vendor transactions.
Data Examples: Dormitory logs, procurement files, supplier information
“Personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.”
— RA 10173, Sec. 11 (Proportionality Principle)
CMU may collect the following types of data:
“The types of personal data to be collected must be appropriate to the purpose for which it is processed and must not be excessive.”
— RA 10173, Sec. 11 (Proportionality Principle)
CMU applies enhanced protection measures when processing sensitive personal data, which may include:
Key Practices:
“Sensitive personal information... shall be allowed only in the following cases: (a) When the data subject has given his or her consent... or (b) The processing... is provided for by existing laws and regulations.”
— RA 10173, Sec. 13
All university employees are responsible for upholding data privacy within their respective functions:
“Each personal information controller is responsible for personal data under its control or custody...”
— RA 10173, Sec. 20
CMU’s data collection activities are grounded in legal compliance and ethical responsibility. By adhering to the principles of transparency, legitimate purpose, and proportionality, the University ensures that personal and sensitive information is handled with respect and care. All CMU personnel must remain vigilant in protecting data rights. This guidance serves as an operational tool for implementing responsible data practices across academic, research, outreach, and administrative functions.