DATA CONFIDENTIALITY:

A PRIVACY CONCERN

A Case Study
Presented to

MR. RICHARD M. GOMONIT

Instructor

A Partial Requirement of the Course Social & Professional Issues 2

Submitted by:
Tabamo, Akeem
Manaay, John Thomas
Marines, Terence Rico
Omamalin, Aldric May
Oliveros, Raffael
Pacto, Daniel
Paje, Dennis
Peoylo, Gaea
Ragas, Karl Ryan
Rosalejos, Kisha
Salvaña, Ruel James
Sarigumba, Mary Rose
Somobay, Noven John
Rojo, Brilliant Rose
Ybañez, Jezriel

BSIT-3A
June 15, 2023
DATA CONFIDENTIALITY: A PRIVACY CONCERN

Introduction

Confidentiality in ethical term refers to the duty of an entrusted personnel especially

professionals to protect privileged information and to share entrusted information
responsibly. It stems from the notion that a person’s wishes, decisions, and personal
information should be treated with respect. The duty of confidentiality can apply to
individuals, organizations, and institutions. While there are different definitions for the term,
all the definitions pretty much mean the same thing, which is keeping information private
unless you have the express consent of the party involved to divulge that information to a
third party.
Data confidentiality means that personal data, trade secrets, and other private
business data are protected against unauthorized access, disclosure without permission,
and theft. Failure to protect and secure confidential information may not only lead to the loss
of business or clients, but it also unlocks the danger of confidential information being
misused to commit illegal activity such as fraud. A key element of confidentiality is that it
helps build trust.
School records does also hold big information regarding different student matters.
Based on an article published by the Institute of Education Sciences, to protect the privacy of
students in school, states and the federal government have established strong legal statutes
to keep private the information in education records that schools maintain on students.
These laws frame data collection procedures, restrict information disclosure, and safeguard
the quality of the information that school systems routinely collect and maintain. All
education records about students, whether handwritten or computerized, are protected by
the same privacy regulations. Education personnel are responsible for protecting the
integrity and accuracy of the information they gather and maintain. Therefore, data
managers, their staff, and other agency and school personnel, must become familiar with the
laws that ensure the confidentiality of the records as well as the legal concepts underlying
those laws.
Privacy refers to the right to be free from interference. Privacy is supposed to enable
individuals to exert control over their own lives, which includes deciding who should have
access to personal information, and when and how this information will be disclosed. Privacy
is a uniquely personal right that reflects an individual's freedom from intrusion. Protecting
privacy means ensuring that information about individuals is not disclosed without their
consent. A student's right of privacy is violated when personal information is disclosed to
others without consent, or when he or she is being asked for personal information by others
who have no legal basis to do so. While confidentiality, defined above, refers to restricting
disclosure of information to authorized individuals only, privacy refers to protection from
personal intrusion.
Although there remain disputes concerning what the concepts of privacy and
confidentiality precisely entail, it is generally agreed that they are not absolute notions. The
level of privacy that one can reasonably expect, for example, varies dramatically depending
on the context. One’s privacy can appreciably diminish when one discloses information in a
public area. School records information that a student/teacher discusses with others while
walking in a city park might be overheard by other individuals and can be used for malicious
activities. Yet if this information is discussed while in a private office, it is more likely that
privacy can be maintained.
While confidentiality is an ethical duty, privacy is a right rooted in common law.
Understanding the difference between the two terms can eliminate a lot of confusion when
signing contracts, establishing a client-attorney relationship, and generally knowing your
rights in a given situation.

Statement of the Problem

Data confidentiality should be at the top priority when it comes to leading your data
toward keeping school records and most importantly also to maintain your privacy.
The purpose of this study is to:

1. To determine the significance of confidentiality in privacy concern.

2. State laws, regulations, or contracts that require why is data need to remain
confidential.
3. Prevent data breach and failure to respect a person's privacy or the confidence by
passing information to someone else.
4. Let students know why their information is being collected, how it will be used and
who it will be disclosed to.
While in most cases student records at the registrars are secured properly, we cannot deny
the fact that data confidentiality is a huge concern in maintaining one person’s privacy. Data
is sensitive by nature and would have a negative impact if disclosed.

Body

In today's digital age, where data is readily accessible and shared, maintaining
confidentiality and ensuring privacy have become critical concerns. This holds true within the
educational realm, where schools handle vast amounts of sensitive student information. This
study explores the importance of confidentiality and privacy regarding school records, the
potential risks associated with their mishandling, and the measures schools can take to
protect students' personal data. The registrar's office of the school serves as the custodian
of student records, entrusted with the responsibility of maintaining the confidentiality and
privacy of sensitive information.
Student records encompass various types of information, including academic records,
enrollment data, disciplinary records, and personally identifiable information (PII).
Maintaining the confidentiality and privacy of these records is crucial to protect students'
rights and comply with legal obligations. Confidentiality and privacy are fundamental
principles when it comes to managing student records. Several key reasons are protection of
student rights, Students have the right to expect that their personal and academic
information will be kept confidential. Maintaining the confidentiality of their records ensures
that their privacy is respected and that sensitive information is not disclosed without their
consent. The ability to maintain the confidentiality and privacy of student records is directly
linked to an institution's reputation. When students and their families trust that their
information is handled with care and kept secure, it fosters a positive relationship between
the institution and its stakeholders.

Data Privacy Act of 2012 (Republic Act No. 10173): governs the processing and protection
of personal data in the Philippines. It establishes the rights of individuals concerning their
personal information and sets obligations for organizations handling personal data, including
educational institutions. The Commission on Higher Education (CHED) Policies has issued
guidelines and policies related to data privacy and protection. These policies provide specific
requirements for handling student records and ensuring their confidentiality. There is also
Code of Ethics for Professional Teachers the Code of Ethics for Professional Teachers
highlights the teacher's responsibility to maintain the confidentiality of student records and to
protect the privacy of student information. Educational institutions, including the registrar's
office, must familiarize themselves with these laws and policies to ensure compliance and to
effectively address confidentiality and privacy concerns in managing student records.

Solutions/Recommendations

Maintaining careful controls over private information isn’t just the right thing to do.
There are many other things to consider in keeping the records properly and to hold its
integrity. Some students may be reluctant to give out their home address or to share an
email address or unlisted telephone number. Take note that privacy and keeping private
information confidential is also in the law. To address these issues, it is important to lay
some initial procedures in order to secure students data and maintain their privacy.
The first step is making sure administrators and top-level decision-makers are aware
of the importance of securing data. Laying out the potential consequences of a data breach
such as bad press or harm to students and teachers can also raise support for stronger
protections. Once administrators are aware of the importance of data privacy, they can
create policies to maintain the safety of data within the district. These polices should cover
who can share what information, who can access certain resources and more
Also, it is necessary to identifying where all the student’s data assets are stored. This
includes data in the cloud and data on-premises. Look at what data is stored there and how
sensitive it is, who has access to it. After that, they need to identify where there are risks and
vulnerabilities or not. Schools should also establish data sharing agreements with students
up front. These agreements lay out clear guidelines for what students can do with data, how
long they’ll hold on to it and the conditions under which they’ll destroy it.

Conclusion

The collection of students data continues to expand rapidly, growing datasets into
longer-term repositories with increasing value. However, this higher-dimension, longitudinal
data creates a greater risk of privacy harms and the corresponding need to develop more
privacy-protective techniques and technologies. The tension in providing detailed enough
student data to be useful while maintaining confidentiality of the underlying information will
always remain. When datasets include potentially identifiable personal information, steps to
prevent disclosure of this information can limit the extent to which researchers can analyze
data with granular and accurate enough calculations.

Both private and public institutions have long relied on notice and consent and de-
identification for protecting privacy methods that have been shown to be no longer reliable.
There are no silver bullets in disclosure limitation, and no single privacy-enhancing
technique or technology will completely remove privacy risks. However, recent advances in
disclosure limitation hold great promise for protecting confidentiality while allowing data to be
used to provide valuable information. Traditional disclosure limitation techniques are still of
value as well and can be used in conjunction with modern methods to greatly reduce privacy
risks. However, the focus on personally identifiable information in current privacy regulations
presents complications when considering disclosures protected by modern means such as
differential privacy. Existing and future laws and policies will need to take account of the
more quantifiable, comprehensive concepts of privacy that formal privacy methods provide.
Researchers and policymakers will need to ask tough questions about how much statistical
noise is enough to adequately protect privacy while still providing useful data, and how to
capture and define these considerations in regulations and policies.

References
Hardt Moritz, Blum Avrim. 2015. “The Ladder: A Reliable Leaderboard for Machine Learning
Competitions.” Pp. 1006–14 in International Conference on Machine Learning. Retrieved
November 6, 2018 (http://proceedings.mlr.press/v37/blum15.pdf).
Google Scholar
Hardt Moritz, Ligett Katrina, McSherry Frank. 2012. “A Simple and Practical Algorithm for
Differentially Private Data Release.” Pp. 2339–47 in Advances in Neural Information
Processing Systems. Retrieved November 6, 2018
(http://www.cs.huji.ac.il/~katrina/papers/mwem-nips.pdf).
Google Scholar
Hofman Jake M., Sharma Amit, Watts Duncan J. 2017. “Prediction and Explanation in Social
Systems.” Science 355(6324):486–88.
Kahn David. 1996. The Codebreakers: The Comprehensive History of Secret
Communication from Ancient Times to the Internet. New York: Simon & Schuster.
Brickell Justin, Shmatikov Vitaly. 2008. “The Cost of Privacy: Destruction of Data-mining
Utility in Anonymized Data Publishing.” Pp. 70–78 in Proceedings of the 14th ACM SIGKDD
International Conference on Knowledge Discovery and Data Mining. Retrieved November 6,
2018 (https://www.cs.cornell.edu/~shmat/shmat_kdd08.pdf).
Doukas C., Maglogiannis I. Bringing IoT and Cloud Computing towards Pervasive
Healthcare; Proceedings of the 2012 Sixth International Conference on Innovative Mobile
and Internet Services in Ubiquitous Computing; Palermo, Italy. 4–6 July 2012; pp. 922–926.
[CrossRef] [Google Scholar]
Barker K., Askari M., Banerjee M., Ghazinour K., Mackas B., Majedi M., Pun S., Williams A.
British National Conference on Databases. Volume 5588. Springer; Berlin/Heidelberg,
Germany: 2009. A Data Privacy Taxonomy; pp. 42–54. [CrossRef] [Google Scholar]
Asaddok N., Ghazali M. Exploring the usability, security and privacy taxonomy for mobile
health applications; Proceedings of the 2017 International Conference on Research and
Innovation in Information Systems (ICRIIS); Langkawi, Malaysia. 16–17 July 2017; pp. 1–6.
[CrossRef] [Google Scholar]
Coen-Porisini A., Colombo P., Sicari S., Trombetta A. A Conceptual Model for Privacy
Policies; Proceedings of the 11th IASTED International Conference on Software Engineering
and Applications (SEA ’07); Cambridge, MA, USA. 19–21 November 2007; Anaheim, CA,
USA: ACTA Press; 2007. pp. 570–577. [CrossRef] [Google Scholar]
Yesmin T., Carter M.W. Evaluation framework for automatic privacy auditing tools for
hospital data breach detections: A case study. Int. J. Med. Inform. 2020;138 doi:
10.1016/j.ijmedinf.2020.104123. [PubMed] [CrossRef] [Google Scholar]
Sun J., Zhu X., Zhang C., Fang Y. HCPP: Cryptography Based Secure EHR System for
Patient Privacy and Emergency Healthcare; Proceedings of the 2011 31st International
Conference on Distributed Computing Systems; Minneapolis, MN, USA. 20–24 June 2011;
pp. 373–382. [CrossRef] [Google Scholar]
Samaila M., Neto M., Fernandes D., Freire M., Inácio P. Challenges of Securing Internet of
Things Devices: A survey. Secur. Priv. 2018;1 doi: 10.1002/spy2.20. [CrossRef] [Google
Scholar]
Plachkinova M., Andrés S., Chatterjee S. A Taxonomy of mHealth Apps–Security and
Privacy Concerns; Proceedings of the 2015 48th Hawaii International Conference on System
Sciences; Kauai, Hawaii. 5–8 January 2015; pp. 3187–3196. [CrossRef] [Google Scholar]
Alsubaei F., Abuhussein A., Shiva S. Security and Privacy in the Internet of Medical Things:
Taxonomy and Risk Assessment; Proceedings of the 2017 IEEE 42nd Conference on Local
Computer Networks Workshops (LCN Workshops); Singapore. 9–12 October 2017; pp. 112–
120. [CrossRef] [Google Scholar]
Yi X., Bertino E., Rao F.Y., Bouguettaya A. Practical privacy-preserving user profile
matching in social networks; Proceedings of the 2016 IEEE 32nd international conference on
data engineering (ICDE); Helsinki, Finland. 16–20 May 2016; pp. 373–384. [CrossRef]
[Google Scholar]
Sivaraman V., Gharakheili H.H., Vishwanath A., Boreli R., Mehani O. Network-level security
and privacy control for smart-home IoT devices; Proceedings of the 2015 IEEE 11th
International Conference on Wireless and Mobile Computing, Networking and
Communications (WiMob); Abu Dhabi, UAE. 19–21 October 2015; pp. 163–167. [CrossRef]
[Google Scholar]