RA 10173 and its challenges to Philippine state universities and colleges' compliance performance: the case of Mindanao State University - General Santos City

Data privacy has become a major concern in the Philippines owing to the promulgation of Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, duly enforced by the National Privacy Commission (NPC). This study seeks to determine the level of compliance of Mindanao State University- General Santos City (MSU-GSC) as well as understand the challenges it encounters in accordance with the Data Privacy Act. Using a qualitative single holistic case study design and pattern matching technique, this paper was able to uncover how and why SUCs can comply with the RA 10173 and can apply such law in their information systems and academic processes. It was found out that MSU-GSC is qualitatively described as partially compliant and it further supports deterrence and legitimacy as its determinants. The moderating effect of compliance with RA 8792 or E-Commerce Act of 2000 also significantly affects its abidance with Data Privacy Act as efforts are continuously directed towards automating university processes and transactions. Moreover, three factors were identified that contributes primarily on the challenges of its compliance namely lack of better understanding, budgetary issues and time constraints. The study contributes to the literature by providing inputs about SUCs' continuing efforts toward compliance with RA 10173. It is suggested NPC to diffuse responsibility to SUCs, so as compliance with data privacy act will weigh down less. Further, it is expected a greater appreciation of the law will fuel enthusiasm to overcome challenges of compliance.