P O LY T E C H N I C U N I V E R S I T Y O F T H E P H I L I P P I N E S 1

ABSTRACT

Title : LEVEL OF AWARENESS OF BACHELOR OF

SCIENCE IN ACCOUNTANCY STUDENTS ON DATA
PRIVACY ACT

Researchers : Bianca Camille G. Cabali

Trisha B. Laderas

Bianca Ysabelle S. Taduyo

Degree : Bachelor of Science in Accountancy

Institution : Polytechnic University of the Philippines

Year : 2019

Adviser : Ryan C. Roque, MBA, CPA

The ‘right to privacy’ is a right we all expect. Republic Act 10173 also known

as Data Privacy Act of 2012” was signed into law by President Benigno S. Aquino

last August 15, 2012, an act protecting personal information in information and

communications systems in the Government and the private sector, creating for

this purpose a National Privacy Commission. This study made used of the

quantitative research. The researchers mainly used the survey questionnaire in

order to accumulate the necessary information. Also, the researchers referred to

existing theses, studies, books, journals, and articles to obtain additional

knowledge about Data Privacy Act. This study found statistically significant

differences among the groups regarding the level of awareness on Data Privacy

Act of 2012, data privacy rights, and the school compliance in the Data Privacy Act.

Based on the findings the researchers had come up that schools should be the one
 P O LY T E C H N I C U N I V E R S I T Y O F T H E P H I L I P P I N E S 2

to educate the students about Data Privacy Act. The National Privacy Commission

should establish awareness programs among schools.

 P O LY T E C H N I C U N I V E R S I T Y O F T H E P H I L I P P I N E S 3

Chapter 1

THE PROBLEM AND ITS SETTING

Introduction

In our fast-growing economy information and communications technology play a

significant role in nation-building and development of the country. In the digital age, one

who holds information holds power. From macro-economic standpoint, the free flow of

information is concededly vital to the growth of any nation, and key to the success of any

business. With the power that follows information, it is in the awareness of the public to

govern the restrictions by which such power will be held, while at the same time ensuring

the free flow of information to promote innovation and growth. From the perspective of

every citizens and individuals, the public also protects their fundamental human rights to

privacy of communication. Due to the exponentially increasing availability of ways and

means to access personal data and information, it becomes the duty of the State to guard

against violation of the individual’s rights.

Data privacy can be defined as the desire of an individual to control or influence

information about one’s self. In the Philippines, the National Privacy Commission (NPC)

mandated to administer and implement the provisions of the Data Privacy Act of 2012 and

to monitor and ensure compliance of the country with international standards set for data

protection. The Commission safeguards the fundamental human right of every individual to

privacy, particularly Information privacy while ensuring free flow of information for

innovation, growth, and national development. Protecting personal information comes from

one’s free will and it must be recognized by all democratic society.

 P O LY T E C H N I C U N I V E R S I T Y O F T H E P H I L I P P I N E S 4

In 2012 the Philippines passed the Data Privacy Act 2012, comprehensive and strict

privacy legislation “to protect the fundamental human right of privacy, of communication

while ensuring free flow of information to promote innovation and growth.” (Republic Act.

No. 10173, Ch. 1, Sec. 2). Republic Act No. 10173, otherwise known, as the Data Privacy

Act is a law that seeks to protect all forms of information, be it private, personal, or

sensitive. The act meant to cover both natural and juridical persons involved in the

processing of personal information.

Privacy is a complex topic in higher education and the privacy implications for

institutional activities can be distinction. Colleges and universities encounter thorny

autonomy and information privacy issues every day, from understanding the institutional

impact of the latest law that attempts to collect certain privacy rights to figuring out the role

of prospective student social media posts in admissions processes to using analytics to

help measure student success. Institutions that understand the degree of the varied data

privacy issues existing in the higher education environment will be well prepared to

address them.

The growing concern for greater data security in higher education is being

encourage by the equally fast-growing awareness in the public of the threat of identity theft

accompanied by the realization on the part of criminal elements that the local college or

university could be an easy target. This study aims to find out if the application of Data

Privacy Act of 2012 was implemented successfully. Specifically, this study aims to

determine whether students have been aware of this existing law.

 P O LY T E C H N I C U N I V E R S I T Y O F T H E P H I L I P P I N E S 5

Theoretical Framework

This research is focused on study of Data Privacy Act. The researchers

gathered several theories that greatly contributed to the study to better understand the

problem at hand.

Activity theory (AT) focuses on human interaction and the use of tools within a social

system. According to Waitoller and Kozleski, it describes an activity as being composed of

subject, object and tools as a mediator. According to Karanasios and Allen (2013), an

activity is anything small or big that we do, which is based on assumptions that tools

mediate between subject and object. Technology is seen as tools that facilitate social

action and interaction within context. The processing of information involves interaction

between the user and tools, such as technology. The theory explains the interaction that

takes place between human beings and social system, which include working environment

and community of people.

From an Activity Theory perspective, for an activity to take place there has to be a

subject, which is driven by a motive. Private and governmental departments require

individuals to surrender personal information in order to receive service and this

information is processed by employees and stored manually or digitally in order to retain

its confidentiality, integrity and availability

(Wylie et al. 2000). There are policies and regulations that must be adhered to,

when handling information. The outcomes are expected to help prevent challenges that

are faced by organizations in handling private information of their clients.

Factors such as information and its value, the roles of society and its compliance to

information protection, government and its laws relating to information protection, and the

need for standardization of information usage and management within a community can
 P O LY T E C H N I C U N I V E R S I T Y O F T H E P H I L I P P I N E S 6

be used towards development of information protection and breaches conceptual

framework

Restricted Access Theory of Privacy

According to Herman Tavani, the restricted access theory of privacy sees privacy

given if one is able to limit and restrict others from access to personal information and

personal affairs. Restricted access theories conceive privacy as Trans subjective, it is seen

as an objective normative right or moral value that exists also if politics or human practices

choose to implement mechanisms that reveal private facts in public or allow the public

access to the private sphere of individuals. Privacy is considered as a moral structure that

is aimed at protecting all humans. Therefore, Mill conceives privacy as a circle around

individuals: There is a circle around every individual human being, which no government,

be it that of one, of a few, or of the many, ought to be permitted to overstep: there is a part

of the life of every person who has come to years of discretion, within which the

individuality of that person ought to reign uncontrolled either by any other individual or by

the public collectively.The restricted access theory of privacy is an objective theory in

Giddens’ terminology because it conceives privacy as a transindividual moral structure that

exists as right and ethical imperative relatively independently of single human actions.

Limited access refers to a moral structural sphere that protects individuals from privacy

intrusion and enables them to act in society. . Based on this action, a sphere of privacy of

individuals that is protected from access to others may be set up that enables individuals

to act in society, their private sphere, and the public based on privacy and data protection.
 P O LY T E C H N I C U N I V E R S I T Y O F T H E P H I L I P P I N E S 7

Control Theory of Privacy

The control theory of privacy sees privacy as control and self-determination over

information about oneself and over the access to one’s personal affairs. The most well-

known privacy theory of this kind was formulated by Alan Westin, who defined privacy as

the “claim of individuals, groups or institutions to determine for themselves when, how, and

to what extent information about them is communicated to others”. Control theories are

focused on individual self-determination over privacy. Privacy is dependent on human

action, individuals may choose to withhold or reveal a lot of information about themselves.

Privacy in these theories is therefore variable, dynamic, and flexible, depending on the

behavior of individuals.

Conceptual Framework

This Figure 1. Research Paradigm shows the input, process, and output of the

awareness on Data Privacy Act of BSA students. The arrow illustrates the workflow of

information of the research process.

 P O LY T E C H N I C U N I V E R S I T Y O F T H E P H I L I P P I N E S 8

Figure 3

Conceptual Framework

INPUTS PROCESS OUTPUT

A. Profile
 Name (optional)
 Age
 Gender
 Year and
Section
B. Aspects of the Data
Privacy Act Assessment of the Awareness of Data
a) Degree of
awareness of the Privacy Act of BSA
Awareness to Data Privacy Act of students.
the existence BSA Students.
of Data Recommendations.
Privacy Act of Presentation,
2012 Analysis and
b) Data privacy Interpretation of
Rights data gathered
 The right to be through survey
informed questionnare.
 The right to access
 Right to object
 Right to erasure or
blocking
 Right to damages
 Right to file a
complaint with the
National Privacy
Commission
 Right to rectify
 Right to data
portability
C. School compliance
– School privacy
policy

FEEDBACK
 P O LY T E C H N I C U N I V E R S I T Y O F T H E P H I L I P P I N E S 9

The input includes profile of the respondents and the aspects of the Data Privacy

Act of BSA Students. The profile of the students consists name (optional), age, gender,

year level and section while aspects of Data Privacy Act consists of degree of Awareness

to the existence of Data Privacy Act of 2012, Data privacy Rights ,which includes the right

to be informed, the right to access, right to object, right to erasure or blocking, right to

damages, right to file a complaint with the National Privacy Commission ,right to rectify,

right to data portability, and School compliance – School privacy policy.

The Process indicates the assessment of the awareness on Data Privacy Act of

BSA Students and presentation, analysis and interpretation of Data gathered through

survey questionnaire.

The output shows the awareness on Data Privacy Act of BSA students assessed.

Statement of the Problem

The purpose of this study was to determine the level of awareness of BSA students

in PUP, Sta. Mesa on Data Privacy Act.

Specifically, the researchers sought to answer the following problems:

1.0 What is the demographic profile of the respondents in terms of:

1.1 Name (optional)

1.2 Age

1.3 Gender

1.4 Year and Section

2.0 Level of Awareness in Data Privacy Act in terms of the following:

2.1 Degree of Awareness to the existence of Data Privacy Act of 2012

2.2 Data privacy Rights

 P O LY T E C H N I C U N I V E R S I T Y O F T H E P H I L I P P I N E S 10

i. The right to be informed

ii. The right to access

iii. Right to object

iv. Right to erasure or blocking

v. Right to damages

vi. Right to file a complaint with the National Privacy Commission

vii. Right to rectify

viii. Right to data portability

2.3 School compliance – School privacy policy

3.0 Is there a significant difference in the respondents’ assessment on the level of

awareness of Data Privacy Act of BSA students when they are grouped according to

their year level?

Hypothesis

There is no significant difference in the respondents’ assessment on the level of

awareness of Data Privacy Act of BSA students when they are grouped according to their

year level.

Scope and Limitations of the Study

This study primarily focuses on the level of awareness of selected BSA students. As

such, it aims to determine whether Data Privacy Act of 2012 has succeeded in its goal to

monitor and ensure compliance of the country with international standards set for data

protection following to the rules and regulations of this act. The setting of the study is at

the PUP College of Accountancy at Polytechnic University of the Philippines, Mabini

 P O LY T E C H N I C U N I V E R S I T Y O F T H E P H I L I P P I N E S 11

Campus, Sta. Mesa Manila. The target respondents are first year and second year

students taking up Bachelor of Science in Accountancy. The study does not cover all BSA

students in the PUP neither does it cover all the first year and second year students.

Given the limited resources of the researchers, the study does not claim to be a

definitive text in the assessment of the student’s Data Privacy Act awareness. The

information obtained from surveys are only personal assessments made by the

respondents and can, therefore, be susceptible to subjectivity.

Significance of the Study

This study is significant to give information and to contribute for further

studies to the following institutions and individuals:

Students. This will give them information about the implementation of the

Data Privacy Act and their awareness of it.

Parents. This study will help parents in ensuring whether those personal

data they were given were used in the schools.

Members of the Academe. This study will contribute to the members of the

academe on how they will raise awareness on Data Privacy Act among the

students.

Other Researchers. This study will be an effective tool and reference for the

researchers who would intend to make any further relevant study.