Guidelines on Social Media and Digital Platforms

Data Privacy Guidelines on the Use of Social Media and Other Digital Platforms

The following Guidelines are intended to direct the Louisian community in exercising caution and sound judgment in using social media and other digital platforms. These platforms include the SLU website, institutional and personal email communications, SLU Portal, chat and messaging applications, social media applications and other similar digital platforms.

These will supplement existing laws, policies, and guidelines that include the following:

1. • Data Privacy Act of 2012 (Republic Act 10173);

• • Intellectual Property Code of the Philippines (Republic Act 8293);

• • Anti-Bullying Act of 2013 (Republic Act 10627);

• • Privacy Policy for Students and Students Applicants Seeking for Admission in SLU;

• • Policies and Guidelines on Student Behavior during Online and Correspondence-based Learning;

• • Distance Learning Code of Discipline for Pupils;

• • Child Protection Policy;

• • General Guidelines for Teachers;

• • Special Guidelines for the Recognition / Renewal of Recognition of Student Organizations /
    Publications for AY 2021 – 2022 and Conduct of Activity;

• • Data Privacy Guidelines on Flexible Learning for AY 2021-2022;

• • Administrative Memo No. 35, s. 2019 (Strict Observance of Advisory No. 1, s. 2019);

• • DPC Advisory No. 1 (Securing Confidential and Other Work-Related Information Through
    Responsible Data Protection);

• • Administrative Memo No. 12, s. 2019 (Social Media);

• • Administrative Memo No. 33, s. 2019: (Protecting the Environment through the “Think Before You
    Print” Campaign and Maximizing the Use of Email and Other Electronic Means of Communication);

• • DPC Advisory No. 2021-01 (Use of Electronic Signature).

I. Definition of Terms as used in this document:

1. • Digital Platforms are software-based online infrastructure that facilitate interactions and
     exchange of information between users. These include Web portals, social media sites, as well as
     messaging and media sharing platforms.

• • Social Media Sites provide interactive platforms for the creation of user-generated content
    and sharing of information through a social network.

• • Official Social Media Sites are created by specific units in SLU to represent a particular
    office, school, or degree program. These provide its administrators a means to disseminate
    information and connect with its virtual community. These official media sites must be coordinated
    with the External Relation, Media & Communications, and Alumni Affairs (ERMCAA).

• • Institutional Social Media Accounts are accounts created to handle university-wide social media
    posts. Managerial access is limited to authorized personnel.

• • Institutional Accounts refer to any individual or office account that is managed under the
    .sIu.edu.ph domain. Any other account is considered a Personal Account.

• • Personal Data refers to the definition under the Data Privacy Act of 2012 and includes
    personal information, sensitive personal information, and privileged information.

• • Posts refer to content shared online that other users may view, react to, share, and comment on.
    Posts may be in text, link, image, photo, audio, and video formats.

II. Privacy Settings

1. • Use the privacy settings available in social media sites and other digital platforms for both
     institutional and personal accounts.

• • Teachers and parents should assist minors in setting up the privacy settings of their respective
    accounts.

• • Privacy settings do NOT offer complete protection of private information. As people can still
    take screenshots of posts and comments, as well as download or make copies of pictures and videos
    and forward the data to others, caution must be made in ensuring that the contents of the
    email/message/post shall not include sensitive data or information. Take note that information
    deleted by a user may still be archived by the site.

• • Ensure that any post made online is in accordance with the privacy settings that was intended
    for it (e.g., public, closed group).

• • Keep the passwords to all personal and institutional accounts private. Avoid security risks and
    leaks by using strong passwords. Do not use as password, personal information such as date of
    birth, TIN number, or any similar information. Change passwords regularly and use secure
    authentication measures, whenever these are provided.

III. Use of Digital Platforms by SLU Personnel
A. Posting of Content Online

1. • Posting of content with Personal Data online must comply with the principles of transparency,
     legitimate purpose, and proportionality (General Data Privacy Guidelines on Flexible Learning, Data
     Privacy Act of 2012). (This online posts include files that are shared online, such as Google                                                                  Documents or Spreadsheets, which contain personal information that are not intended for the individuals                                            who are given access to the file.)

• • Observe intellectual property and copyright laws when posting documents, photos, or
    videos.

• • Respect the ideas of others. Do not post an idea or point that is directly lifted from the post
    or email of someone else without the author’s consent. Proper attribution must be given to the
    author.

• • University proprietary information (e.g., financial data, internal communication and business
    transactions) should not be shared online.

• • University news or events that are a matter of public record may be shared in one’s personal
    social media network.

• • Personal data collected in one’s official capacity and/or during an official activity must
    not be used for personal purposes or shared in one’s personal social media network without                                                                  adhering to the provisions of this document.

• • When social media is used in the conduct of one’s official duties, SLU personnel must ensure
    that proper behavior and appropriate representation of the University is exhibited accordingly.

• • An individual who identifies oneself as an SLU employee and states opinions online must ensure
    that it is made clear that such views do not represent the views of SLU, its management and its
    affiliates.

• • Should there be any uncertainty regarding adherence to the principles of transparency,
    legitimate purpose, and proportionality, advice must be sought from his/her Head of Office or the
    Data Protection Office (DPO).

• • Personnel who inadvertently view confidential information pertaining to fellow Louisians
    through digital platforms should not disclose these information and should report the incident
    immediately to one’s head of office or the DPO.

B. Official Social Media Sites

1. • Any post made in official social media sites of SLU must be authorized by the
     personnel-in-charge. The contents of the post shall be subject to the guidelines in Section A.

• • Official SLU social media sites and institutional social media accounts must be duly
    administered by either the Head of Office or any personnel designated by the Head of Office. These
    sites must be duly recognized by ERMCAA. These must be set up so that they are identifiable as
    official sites and distinguishable from similar non-official sites.

• • Administrators of official social media sites are responsible for ensuring that the content is
    kept updated, relevant, and accurate. Posts must be constructed clearly and distinctly to avoid
    misinterpretation. Any errors should be corrected as soon as the discovery of the error is made.

• • Administrators should ensure that professionalism is exercised in the tone and
    content of posted information. Furthermore, extra care must be given in formulating private
    messages and replies to comments made on such postings as these are a reflection of the author,                                                                  the unit being represented by the site, and the University.

• • Administrators and/or authorized personnel must monitor comments so that replies can be made in
    a timely manner. Consider providing a comment policy so that users are aware of what types of
    comments may not be appropriate. Use available comment administrator features of the site as
    necessary.

• • ERMCAA is the Office of the University that handles official external communications such as
    website posting, institutional and university-wide social media posting, and the like. Any
    communication that is intended to be officially posted and recognized must be coordinated with the
    Director of ERMCAA.

IV. Communication and Collaboration in the Conduct of Classes

1. • Digital communications between the faculty and students are done primarily through the official
     platforms designated for Online-Based Learning (OBL) and Correspondence-Based Learning (CBL)
     modalities.

• • There must be an explicit arrangement between the students and faculty members regarding
    alternative modes of communication and submission. The appropriate protocols regarding these
    should be strictly observed (Data Privacy Guidelines on Flexible Learning). Faculty members are
    responsible for ensuring that student submissions and Personal Data transmitted and processed                                                              using non-official digital platforms and social media are kept secure and confidential.

• • The Faculty may use social media as a means for conducting class activities as long as these are
    in line with the learning objectives of the subject/course.

• • Announcements made to students using non-official digital platforms should be an option in
    addition to the official LMS and communication platforms.

• • The following alternative options for online communications are currently available for use. It
    is recommended that Signal be used for sensitive personal information such as grades. Messenger
    should be the last option for sending Personal Data. Should there be new or alternative tools, the
    utilization of these must be coordinated by the faculty member with the respective Head of Office.

Instant Messaging (ranked from highest to lowest security level)	Communication and Collaboration (ranked from highest to lowest security level)
Signal Telegram Viber WhatsApp Messenger	Discord Slack Microsoft Teams

V. Use of Digital Platforms by Students
A. Posting of Content Online

1. • Posting of content with Personal Data online must comply with the principles of transparency,
     legitimate purpose, and proportionality (General Data Privacy Guidelines on Flexible
     Learning, Data PfiVOC/ Act of 2012).

• • Observance of intellectual property and copyright laws when posting documents, photos or videos
    must be strictly complied with.

• • Instructional materials, in whole or in part, should not be posted or shared online without the
    written consent of the faculty in charge. Consent of other faculty and students involved may also
    be needed for other learning resources such as recordings of online classes.

• • Respect the ideas of others. Do not post an idea or point that is directly lifted from the post
    or email of someone else without the author’s consent. Proper attribution must be given to the
    author.

• • Students should adhere to the provisions of the Student Handbook and other
    applicable student policies and guidelines in relation to the content they post online.

• • Ensure that posts do not violate the Child Protection Policy and the Anti-Bullying Act
    of 2013.

• • University news or events that are a matter of public record may be shared in one’s
    personal social network.

• • Students who come across university proprietary information (e.g., financial data, internal
    communication and transactions) should not share these online.

• • Students who inadvertently view confidential information pertaining to fellow
    Louisians through digital platforms should not disclose these information and should report the
    incident immediately to authorized personnel (e.g., teacher / instructor, LAC, department head).

B. Social Media Sites of School Organizations and Publications

1. • Social media sites of school organizations and publications must be duly administered by its key
     officers, in coordination with their faculty advisers. These sites must be set up so that they are
     identifiable as the official sites for the organization or publication. These sites must be duly
     recognized by ERMCAA.

• • Student organizations and university/school publications should comply with the Office of
    Student Affairs (OSA) guidelines related to posts made on their social media sites and the
    implementation of their activities. (Special Guidelines /or the Recognition / Renewal of
    Recognition of Student Organizations / Publications for AY 2021 – 2022 and Conduct of Activity)

VI. Email Communications

1. • Email communications by personnel in their official capacity should be sent using their institutional accounts.

• • The use of appropriate tone and content when sending messages through email but be strictly
    complied with. Ensure that messages are sent only to their intended recipients.

• • If an email message contains Personal Data, ensure that it adheres to the principles of
    transparency, legitimate purpose, and proportionality. The integrity of the data being shared
    should be checked prior to sending.

• • Be careful about forwarding messages. These may contain a set of email addresses and
    private messages that should not be seen by the intended recipients. Use sound judgment in deciding when it is more appropriate to send messages (based on forwarded information and/or attachments) that originate from the sender.

• • Do not capture images or videos of email communications from other parties and post these
    online. Create an original message or post if it is based on communication that comes from an email
    message.

• • Use the blind carbon copy (bcc) to address multiple recipients, unless addressing a closed group
    that frequently communicates with each other. This protects the privacy of emails and avoids the
    inadvertent sending of replies to everyone in the list.

• • When replying to an email that is sent to multiple recipients, check whether the reply is
    intended only for the sender or for all recipients. Choose the appropriate option before clicking
    on the send button.

• • For email blast requests to TMDD, the following protocol is to be followed:
    a. Accomplish the Request Form for Email Blast. This form includes the nature of the request, the
    purpose of the request, contents of the message, and information about attachments, if any.
    b. Clearance from the Head of Office must be obtained.
    c. The email will be prepared and sent by the designated personnel upon approval of the TMDD
    Director.
    d. When in doubt regarding the information that will be disseminated, consult the DPO for assistance.

• • Communication with sensitive content must be sent in confidential mode to ensure protection of
    sensitive information from unauthorized or accidental sharing. The confidential mode allows the
    setting of message expiration dates, revoking message access at any time and requiring a
    verification code by text in order to open the message.

• • Ensure that file attachments that contain sensitive personal information are password-
    protected prior to sending.

VII. SLU Logo
The SLU logo must not be modified or used online for personal purposes. The Head of Office shall be
informed of the use of the SLU Logo by the faculty and staff.