Data Privacy Guidelines on the Use of Social Media and Other Digital Platforms

The following Guidelines are intended to direct the Louisian community in exercising caution and sound judgment in using social media and other digital platforms. These platforms include the SLU website, institutional and personal email communications, SLU Portal, chat and messaging applications, social media applications and other similar digital platforms.

These will supplement existing laws, policies, and guidelines that include the following:

    • Data Privacy Act of 2012 (Republic Act 10173);

    • Intellectual Property Code of the Philippines (Republic Act 8293);

    • Anti-Bullying Act of 2013 (Republic Act 10627);

    • Privacy Policy for Students and Students Applicants Seeking for Admission in SLU;

    • Policies and Guidelines on Student Behavior during Online and Correspondence-based Learning;

    • Distance Learning Code of Discipline for Pupils;

    • Child Protection Policy;

    • General Guidelines for Teachers;

    • Special Guidelines for the Recognition / Renewal of Recognition of Student Organizations /
      Publications for AY 2021 – 2022 and Conduct of Activity;

    • Data Privacy Guidelines on Flexible Learning for AY 2021-2022;

    • Administrative Memo No. 35, s. 2019 (Strict Observance of Advisory No. 1, s. 2019);

    • DPC Advisory No. 1 (Securing Confidential and Other Work-Related Information Through
      Responsible Data Protection);

    • Administrative Memo No. 12, s. 2019 (Social Media);

    • Administrative Memo No. 33, s. 2019: (Protecting the Environment through the “Think Before You
      Print” Campaign and Maximizing the Use of Email and Other Electronic Means of Communication);

    • DPC Advisory No. 2021-01 (Use of Electronic Signature).

I. Definition of Terms as used in this document:

    • Digital Platforms are software-based online infrastructure that facilitate interactions and
      exchange of information between users. These include Web portals, social media sites, as well as
      messaging and media sharing platforms.

    • Social Media Sites provide interactive platforms for the creation of user-generated content
      and sharing of information through a social network.

    • Official Social Media Sites are created by specific units in SLU to represent a particular
      office, school, or degree program. These provide its administrators a means to disseminate
      information and connect with its virtual community. These official media sites must be coordinated
      with the External Relation, Media & Communications, and Alumni Affairs (ERMCAA).

    • Institutional Social Media Accounts are accounts created to handle university-wide social media
      posts. Managerial access is limited to authorized personnel.

    • Institutional Accounts refer to any individual or office account that is managed under the
      .sIu.edu.ph domain. Any other account is considered a Personal Account.

    • Personal Data refers to the definition under the Data Privacy Act of 2012 and includes
      personal information, sensitive personal information, and privileged information.

    • Posts refer to content shared online that other users may view, react to, share, and comment on.
      Posts may be in text, link, image, photo, audio, and video formats.

II. Privacy Settings

    • Use the privacy settings available in social media sites and other digital platforms for both
      institutional and personal accounts.

    • Teachers and parents should assist minors in setting up the privacy settings of their respective
      accounts.

    • Privacy settings do NOT offer complete protection of private information. As people can still
      take screenshots of posts and comments, as well as download or make copies of pictures and videos
      and forward the data to others, caution must be made in ensuring that the contents of the
      email/message/post shall not include sensitive data or information. Take note that information
      deleted by a user may still be archived by the site.

    • Ensure that any post made online is in accordance with the privacy settings that was intended
      for it (e.g., public, closed group).

    • Keep the passwords to all personal and institutional accounts private. Avoid security risks and
      leaks by using strong passwords. Do not use as password, personal information such as date of
      birth, TIN number, or any similar information. Change passwords regularly and use secure
      authentication measures, whenever these are provided.

III. Use of Digital Platforms by SLU Personnel
A. Posting of Content Online

    • Posting of content with Personal Data online must comply with the principles of transparency,
      legitimate purpose, and proportionality (General Data Privacy Guidelines on Flexible Learning, Data
      Privacy Act of 2012). (This online posts include files that are shared online, such as Google                                                                  Documents or Spreadsheets, which contain personal information that are not intended for the individuals                                            who are given access to the file.)

    • Observe intellectual property and copyright laws when posting documents, photos, or
      videos.

    • Respect the ideas of others. Do not post an idea or point that is directly lifted from the post
      or email of someone else without the author’s consent. Proper attribution must be given to the
      author.

    • University proprietary information (e.g., financial data, internal communication and business
      transactions) should not be shared online.

    • University news or events that are a matter of public record may be shared in one’s personal
      social media network.

    • Personal data collected in one’s official capacity and/or during an official activity must
      not be used for personal purposes or shared in one’s personal social media network without                                                                  adhering to the provisions of this document.

    • When social media is used in the conduct of one’s official duties, SLU personnel must ensure
      that proper behavior and appropriate representation of the University is exhibited accordingly.

    • An individual who identifies oneself as an SLU employee and states opinions online must ensure
      that it is made clear that such views do not represent the views of SLU, its management and its
      affiliates.

    • Should there be any uncertainty regarding adherence to the principles of transparency,
      legitimate purpose, and proportionality, advice must be sought from his/her Head of Office or the
      Data Protection Office (DPO).

    • Personnel who inadvertently view confidential information pertaining to fellow Louisians
      through digital platforms should not disclose these information and should report the incident
      immediately to one’s head of office or the DPO.

B. Official Social Media Sites

    • Any post made in official social media sites of SLU must be authorized by the
      personnel-in-charge. The contents of the post shall be subject to the guidelines in Section A.

    • Official SLU social media sites and institutional social media accounts must be duly
      administered by either the Head of Office or any personnel designated by the Head of Office. These
      sites must be duly recognized by ERMCAA. These must be set up so that they are identifiable as
      official sites and distinguishable from similar non-official sites.

    • Administrators of official social media sites are responsible for ensuring that the content is
      kept updated, relevant, and accurate. Posts must be constructed clearly and distinctly to avoid
      misinterpretation. Any errors should be corrected as soon as the discovery of the error is made.

    • Administrators should ensure that professionalism is exercised in the tone and
      content of posted information. Furthermore, extra care must be given in formulating private
      messages and replies to comments made on such postings as these are a reflection of the author,                                                                  the unit being represented by the site, and the University.

    • Administrators and/or authorized personnel must monitor comments so that replies can be made in
      a timely manner. Consider providing a comment policy so that users are aware of what types of
      comments may not be appropriate. Use available comment administrator features of the site as
      necessary.

    • ERMCAA is the Office of the University that handles official external communications such as
      website posting, institutional and university-wide social media posting, and the like. Any
      communication that is intended to be officially posted and recognized must be coordinated with the
      Director of ERMCAA.

IV. Communication and Collaboration in the Conduct of Classes

    • Digital communications between the faculty and students are done primarily through the official
      platforms designated for Online-Based Learning (OBL) and Correspondence-Based Learning (CBL)
      modalities.

    • There must be an explicit arrangement between the students and faculty members regarding
      alternative modes of communication and submission. The appropriate protocols regarding these
      should be strictly observed (Data Privacy Guidelines on Flexible Learning). Faculty members are
      responsible for ensuring that student submissions and Personal Data transmitted and processed                                                              using non-official digital platforms and social media are kept secure and confidential.

    • The Faculty may use social media as a means for conducting class activities as long as these are
      in line with the learning objectives of the subject/course.

    • Announcements made to students using non-official digital platforms should be an option in
      addition to the official LMS and communication platforms.

    • The following alternative options for online communications are currently available for use. It
      is recommended that Signal be used for sensitive personal information such as grades. Messenger
      should be the last option for sending Personal Data. Should there be new or alternative tools, the
      utilization of these must be coordinated by the faculty member with the respective Head of Office.

Instant Messaging (ranked from highest to lowest security level) Communication and Collaboration (ranked from highest to lowest security level)
Signal
Telegram
Viber
WhatsApp
Messenger
Discord
Slack
Microsoft Teams

V. Use of Digital Platforms by Students
A. Posting of Content Online

    • Posting of content with Personal Data online must comply with the principles of transparency,
      legitimate purpose, and proportionality (General Data Privacy Guidelines on Flexible
      Learning, Data PfiVOC/ Act of 2012).

    • Observance of intellectual property and copyright laws when posting documents, photos or videos
      must be strictly complied with.

    • Instructional materials, in whole or in part, should not be posted or shared online without the
      written consent of the faculty in charge. Consent of other faculty and students involved may also
      be needed for other learning resources such as recordings of online classes.

    • Respect the ideas of others. Do not post an idea or point that is directly lifted from the post
      or email of someone else without the author’s consent. Proper attribution must be given to the
      author.

    • Students should adhere to the provisions of the Student Handbook and other
      applicable student policies and guidelines in relation to the content they post online.

    • Ensure that posts do not violate the Child Protection Policy and the Anti-Bullying Act
      of 2013.

    • University news or events that are a matter of public record may be shared in one’s
      personal social network.

    • Students who come across university proprietary information (e.g., financial data, internal
      communication and transactions) should not share these online.

    • Students who inadvertently view confidential information pertaining to fellow
      Louisians through digital platforms should not disclose these information and should report the
      incident immediately to authorized personnel (e.g., teacher / instructor, LAC, department head).

B. Social Media Sites of School Organizations and Publications

    • Social media sites of school organizations and publications must be duly administered by its key
      officers, in coordination with their faculty advisers. These sites must be set up so that they are
      identifiable as the official sites for the organization or publication. These sites must be duly
      recognized by ERMCAA.

    • Student organizations and university/school publications should comply with the Office of
      Student Affairs (OSA) guidelines related to posts made on their social media sites and the
      implementation of their activities. (Special Guidelines /or the Recognition / Renewal of
      Recognition of Student Organizations / Publications for AY 2021 – 2022 and Conduct of Activity)

VI. Email Communications

    • Email communications by personnel in their official capacity should be sent using their institutional accounts.

    • The use of appropriate tone and content when sending messages through email but be strictly
      complied with. Ensure that messages are sent only to their intended recipients.

    • If an email message contains Personal Data, ensure that it adheres to the principles of
      transparency, legitimate purpose, and proportionality. The integrity of the data being shared
      should be checked prior to sending.

    • Be careful about forwarding messages. These may contain a set of email addresses and
      private messages that should not be seen by the intended recipients. Use sound judgment in deciding when it is more appropriate to send messages (based on forwarded information and/or attachments) that originate from the sender.

    • Do not capture images or videos of email communications from other parties and post these
      online. Create an original message or post if it is based on communication that comes from an email
      message.

    • Use the blind carbon copy (bcc) to address multiple recipients, unless addressing a closed group
      that frequently communicates with each other. This protects the privacy of emails and avoids the
      inadvertent sending of replies to everyone in the list.

    • When replying to an email that is sent to multiple recipients, check whether the reply is
      intended only for the sender or for all recipients. Choose the appropriate option before clicking
      on the send button.

    • For email blast requests to TMDD, the following protocol is to be followed:
      a. Accomplish the Request Form for Email Blast. This form includes the nature of the request, the
      purpose of the request, contents of the message, and information about attachments, if any.
      b. Clearance from the Head of Office must be obtained.
      c. The email will be prepared and sent by the designated personnel upon approval of the TMDD
      Director.
      d. When in doubt regarding the information that will be disseminated, consult the DPO for assistance.

    • Communication with sensitive content must be sent in confidential mode to ensure protection of
      sensitive information from unauthorized or accidental sharing. The confidential mode allows the
      setting of message expiration dates, revoking message access at any time and requiring a
      verification code by text in order to open the message.

    • Ensure that file attachments that contain sensitive personal information are password-
      protected prior to sending.

VII. SLU Logo
The SLU logo must not be modified or used online for personal purposes. The Head of Office shall be
informed of the use of the SLU Logo by the faculty and staff.