Uploaded by pointsilver95

data privacy article 2

advertisement
RUNNING HEAD: Implementation of Republic Act 10173 or the Data Privacy Act of 2012
in the Albay Electric Cooperative (ALECO)
IMPLEMENTATION OF REPUBLIC ACT 10173 OR THE DATA PRIVACY ACT OF 2012 IN
ALBAY ELECTRIC COOPERATIVE (ALECO)
Shiela Mae N. Foronda, Neiliza S. Javier
Florinda G. Vigonte, Ph.D, Marmelo V. Abante, Ph.D, DIT, DBA
Email Address: nilasa.shielamae@gmail.com, neilizajavier19@gmail.com,
florgarcia3207@gmail.com docmelo888@gmail.com
World Citi Colleges, Graduate School Department 960
Aurora Blvd., Bagumbuhay,
Quezon City
ABSTRACT
Data privacy has become a significant concern for everyone in today's digitized
environment. In the Philippines, the Data Privacy Act was enacted in 2012 to protect the human
right to privacy of communication while establishing the free flow of information to promote
innovation and growth. The primary objective of this study is to analyze the effectiveness of
implementing Republic Act 10173 or DPA 2012 in the Albay Electric Cooperative (ALECO). A
quantitative study utilizing a descriptive research design in order to identify the level of
implementation of ALECO on the Data Privacy Act of 2012 through a standardized survey
questionnaire adapted by other WCC researchers who conducted a study on the Implementation of
the Freedom of Information Act in the Municipality of Midsayap. A total of two hundred fifty (250)
coming from ALECO MCOs and employees were randomly selected as respondents for the study.
Data was gathered through the utilization of Google Forms to ensure accurate and fast data
gathering. Frequency Distribution, Percentage Distribution, Weighted Mean, and Single factor
ANOVA were used as statistical tools to analyze the results using IBM Statistical Packages for
Social Sciences (SPSS) Statistics 27 software. Study shows age significantly impacts opinions on
the Data Privacy Act of 2012. Gender and education have no effect. ALECO location and residency
duration greatly affect perceptions. Moreover, respondents' lack of awareness about Data Privacy
Act implementation at ALECO is a critical challenge to overcome. Hence, customized data privacy
plans are vital.
KEYWORDS: ALECO, Albay, Compliance, Data Privacy Act of 2012 (R.A. 10173), Electric Cooperative,
implementation, information security, Philippines, PRISMA diagram, technology
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
INTRODUCTION
A. Background of the Study
As the world advances to the side of technology, life becomes more accessible and efficient.
Still, data security and safety, such as personal information, are being threatened as technology
evolves. This kind of situation brought the Philippine Government to take action by passing the
DPA 2012. Part of the government activity is to implement significant laws to protect the people
to the current prevailing level of technology with ensured safety and security. Given that this digital
age generation has easy access to any information, the need for privacy protection arises and needs
to be catered to by the government. The Albay Electric Cooperative (ALECO), the electric
distribution manager in the province, collects and processes the personal information of its
constituents. Regarding confidential information, the ALECO should be more familiar with the
provisions of the said law. The said Electric Cooperative (EC) has a franchise to operate in the
Province of Albay in the areas presently comprising Legazpi City, Bacacay, Camalig, Daraga,
Guinobatan, Jovellar, Libon, Ligao, Malilipot, Malinao, Manito, Oas, Pio Duran, Polangui, Rapurapu, Santo Domingo, Tabaco, and Tiwi.
Data privacy is a critical issue for both organizations and individuals. The primary objective
of this study is to analyze the effectiveness of implementing Republic Act 10173 or DPA 2012 in
the Albay Electric Cooperative (ALECO). Further, this study examines the challenges, practices,
and compliance of ALECO concerning compliance with the DPA 2012. It looks into the conscious
effort to understand and familiarize oneself with the provisions of DPA to guarantee safety.
Additionally, the study explores how ALECO collects and shares information while safeguarding
and protecting the privacy of each.
The National Privacy Commission (NPC), with the assistance of the Philippine Survey and
Research Center (PSRC), surveyed public awareness and knowledge concerning DPA 2012. The
research addressed how to implement the provisions of DPA 2012 properly. The studies
demonstrated public awareness and understanding of the DPA 2012 and helped increase the
consciousness of individuals about the Act. It is likewise that, data privacy awareness concentrated
in areas with high-speed internet—a deeper understanding and familiarization of the act help to
protect individuals from online scams and cybercrimes.
While the DPA protects the fundamental human right of privacy of communication, research
indicates that there are common challenges in implementing the act. According to Presbitero & Ching
2018; Tanate-Lazo & Cabonero 2021, factors such as (1) lack of awareness and education, (2) limited
resources, and (3) low priority in the agenda are found to be significant factors in complying with
DPA 2012. Further, due to new technological breakthroughs and growth, there is a need for the
enhancement of its securities in an organization.
In the same way, this study has provided valuable insights into implementing DPA 2012.
Organizations have addressed the issues while implementing the Act and formulated solutions, such
as developing data privacy manuals. The review suggested that education through an aggressive
information drive by the National Privacy Commission (NPC) is one of the best security measures.
Even with a limited budget, they can still implement protection strategies by utilizing their existing
highly skilled human resources with a strong background in ICT and making every effort to comply
promptly to prevent the consequences of not complying. It is equally essential to know the level of
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
knowledge and awareness of each individual who collects personal information based on the scope
of application, principles, lawful processing of data, privacy, and security, data subject's rights, and
rules of accountability. By utilizing this, an organization can identify the individuals who require
relevant training. However, conducting a follow-up study on the compliance status of each
organization is recommended to determine if their compliance status has improved since most of the
studies were conducted during the compliance period.
B. REVIEW OF RELATED LITERATURE
The researchers administered a comprehensive analysis of the implementation of the DPA
2012 by searching for various research and studies using Google Scholar, ResearchGate,
academia.edu, sciencedirect.com, scribd.com, semanticscholar.org, and other sources to search
for references. The researchers reviewed the literature to acknowledge the status quo of this issue.
A total of 43 most relevant search results were reviewed and selected as fit for our analysis and,
hence, considered. Keywords used in the search were Compliance, Data Privacy Act, Data
Security, Demographic profile, Effectiveness, Philippines, and the Republic Act 10173.
The researcher used Preferred Reporting Items for Systematic Reviews and Meta-Analyses
(PRISMA) in conducting the research.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Figure 1. PRISMA 2020 Flow Diagram
Demographic Profile
Demographic data, in particular, can reveal differences in outcomes, access, enrollment,
patient experience, and utilization in programs like Medicaid, CHIP, Medicare, and the Health
Insurance Marketplaces (Gilfoil et al., 2023). Collecting demographic data can help fill these critical
gaps, create more comprehension and equity in the process,11 and better streamline resources for
training and more effectively allocate funds and training resources so that all Americans can support
the US in maintaining its position as a global leader in the development of cutting-edge technologies
that support economic management and job creation. (Ray, 2020).
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Age
Age as demographic means the length of time of a person in a concerned
demography ("Definition of Demographic Age," 2023). It has different classifications based
on other authors. Piaget classifies age as development, which includes the sensory stage
from 0-18 months and so on. The Legal Information Institute defines age in terms of giving
consent as one who can provide meaningful support (Legal Information Institute, 2022). In
this study, the age demographics must be at the start of 18 to provide appropriate and
meaningful consensus regarding the survey.
Based on the study by Kaiser (2016), research revealed that the youngest age group,
18-24, scored higher on privacy perception compared to the older groups, 25-35, 36-49, and
50+. In essence, 18-24-year-olds perceive less privacy when interacting with the internet
than people aged 36 or older because they are more aware that their data is recorded, shared,
and sold to third parties. Concerning security perception, the study showed that the youngest
age group, 18-25, engage less in security practices when interacting with the internet than
older users. Older users felt less secure and would refuse to give out data more than youngeraged users.
To summarize, younger age groups are more aware of data privacy issues, yet they
need to protect their data online more than age groups 59+. It was observed that most
individuals desired more data security but did not take the necessary measures to ensure its
protection.
Gender
Gender refers to people whose identity and expression align with their biological sex.
Gender values are introduced early on in students' lives, such as coursing male students into
science, technology, engineering, and mathematics (STEM) subjects (Marakova et al.,
2019).
In an exploratory study by Weinberger et al. (2017), they proposed an experimental
framework to investigate and model male/female attitudes toward online privacy and
anonymity among students in Israel. As a result, women's relatively high online privacy
self-competence level and their low awareness of technological threats do not match their
relatively low technical online privacy level of proficiency. This results in a lower ability to
safeguard their identity and personal information than men. Therefore, further steps should
be taken to remove the inter-gender technological gap in online privacy, anonymity
awareness, and literacy.
Sigal Tifferet's (2019) study examined gender differences in privacy-seeking
tendencies on social network sites (SNS). According to the findings, females on social
network sites had more privacy concerns and behaviors than males. Despite females being
more committed to enhancing privacy, there were small and statistically heterogeneous
gender differences. The findings are consistent with evolutionary and social role theories
and may be attributed to differences in personality, threat vulnerability, or SNS activity
levels. To prevent privacy breaches, advocates of SNS privacy should focus on males as the
most vulnerable segment. To understand the basis of this gender difference, it is necessary
to conduct additional studies to investigate the moderating effects of variables like culture
and age.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
In this study, the researchers incorporated the Male and Females as respondents to
the survey. However, it is also considered that those respondents preferred not to mention
their sexual identity concerning their gender preferences.
Educational Attainment
Higher education is often viewed as having an excellent job with high
payment/salaries. It will determine one's future, which is why most high school students
prefer to go to the top universities in urban areas to have a good quality of education for a
better future (Babaylan, 2018).
Decision-making at higher education institutions is increasingly aided by student
data, and technology platforms are employed to gather, analyze, and utilize a vast amount
of this data. As students have become more aware of this ongoing data collection and its
use, their concerns and desires have begun to be expressed to limit the use of their data to
guide institutional decision-making. The conversation on student data service and privacy
has just started, and it is vital to prioritize students' voices in that discussion. The future of
data privacy in higher education can be shaped collectively by students, higher education
institutions, technology companies, researchers, and other interested stakeholders (Park &
Vance, 2021).
Zukowski and Brown (2007) found that the higher the level of education, the lower
the Information Privacy Concern. However, Sheehan (2002) has suggested that Internet
users with less education tend to be less concerned with online privacy. Therefore, it is
essential to understand the effect of education level and age on Information Privacy.
However, as people with high educational attainment tend to have high incomes, it may be
hard to determine whether their academic background or income has an effect (Blank et al.,
2014).
ALECO Franchise Area (Municipality)
ALECO was organized on August 9, 1972, and was duly registered with the National
Electrification Administration on the said date. ALECO has a permanent franchise to
operate an electric light and power service in Legazpi City and the seventeen (17)
municipalities of Bacacay, Libon, Daraga, Guinobatan, Camalig, Pio Duran, Manito,
Jovellar, Ligao, Malilipot, Malinao, Oas, Polangui, Rapu-Rapu Island, Sto. Domingo,
Tabaco, and Tiwi, all in the province of Albay, for fifty (50) years.
Under the Memorandum No. 2017-023 issued by the National Electrification
Administration (NEA) dated August 2, 2017, "All electric cooperatives are hereby advised
to comply with the requirements of the Data Privacy Act 2012 and the Implementing Rules
and Regulations in respect of the personal data of its employees, officers, directors, and
member-consumers-owners"
Intensifying the need to protect the personal information of their stakeholders against
digital threats, the National Electrification Administration (NEA) urged all electric
cooperatives (ECs) to act strictly following the requirements of the Data Privacy Law.
In this study, the researchers incorporated the municipalities covered by the
franchise area of the Albay Electric Cooperative (ALECO) in the survey, namely Legazpi
City, Bacacay, Camalig, Daraga, Guinobatan, Jovellar, Libon, Ligao, Maliliput, Malinao,
Manito, Oas, Pio Duran, Polangui, Rapu-Rapu, Sto. Domingo, Tabaco, and Tiwi. ALECO
purchased the physical assets of the Tabaco Electric Company, Bicol Electric Company,
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Lealda Electric Company, and the Libon Electric Company. ALECO furnishes dependable,
adequate, and low-cost electric service to all its member-consumers on an area coverage
basis. It proposes to develop its system as defined and elaborated under Presidential Decree
No. 269. ALECO, by its Board Resolution No. 36 dated November 8, 1978, accepts all the
responsibilities a franchise holder is bound for if its application for franchise is granted.
Length of Residency
Residency is where the families live or where they are located. According to the
survey of families in a barangay, 16% lived in the barangay for 6-10 years, 15% lived for
11-15 years, and 69% lived 16 years and above.
The longer the people lived in a particular place, the stronger their attachment to
where they settled (Kasarda & Janowitz, 1974). As stated by Beckley (2003), social and
physical aspects of the place and the length of residence suggested that biological factors
are necessary to attract new people, and socializing is essential for people to stay in an area.
The connection between the length of residency and the importance of social and physical
aspects of a place might have a relationship.
Republic Act 10173 or the Data Privacy Act of 2012 in the Albay Electric Cooperative
(ALECO)
In this study, the researcher's objective is to assess and evaluate the respondents' assessment
and knowledge when implementing Republic Act 10173 or the Data Privacy Act of 2012 in
ALECO. In this time where modern information technology and communication are widely utilized,
personal information and important files are at high risk, and probable implications and
predicaments of these might be encountered. The possible solution is in-depth knowledge and
awareness of the provisions of this Act. In this study, the researchers incorporate the assessment of
the Implementation of Republic Act 10173 or the Data Privacy Act of 2012 in the Albay Electric
Cooperative (ALECO) in terms of Awareness, Accuracy of information, and Security of
information, Implementation, Effectiveness, and Efficiency in the survey.
Awareness
Understanding data privacy is essential to fostering a culture of privacy in the
Philippines. As stated by Fabito et al. (2018) and Ramos (2019), there were efforts made by
the NPC and some organizations, such as awareness campaigns in the form of training and
seminars that were regularly conducted. In addition, organizations were more aggressive in
complying due to consequences indicated in the non-compliance and the possible breach
after it. Since training is the most popular awareness campaign, Tanate-Lazo and Cabanero
(2021) revealed in their study that efforts were made by cascading posters and bulletin
boards inside the organization. These initiatives will help and empower citizens to safeguard
their private data against unprincipled groups and individuals.
Accuracy of Information
Technology provides power capabilities in terms of capturing, storing, managing,
and analyzing data with high volume, variety, and velocity - the so-called "three V" (Beyer
& Leney, 2012; Hurwitz et al., 2013; Manyika et al., 2011) represent the main merits of big
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
data analytics. Veracity and validity are highly interrelated as they reflect the data's accuracy
(Hurwitz et al., 2013). Integrity refers to the accuracy of insights generated by big data
analytics, and validity is the degree to which the data entered into big data technologies is
accurate.
Common countermeasures are put in place and are constantly evolving as new
manipulations are revealed that tamper with data stored within systems. Some common
defensive countermeasures include using strong authentication and authorization, updating
software, educating users on appropriate security protocols, and configuring network access
points, hardware, and software (Meier et al., 2003; West, 2009).
According to the essay Access Control: Principles and Solutions by di Vimercati,
Paraboschi, and Samarati (2006), a fundamental component in protecting the modification
and accuracy of data is the use of an access control service, where authorized users only
have access to the appropriate system resources.
Data quality is based on accuracy, consistency, timeliness, completeness, and
uniqueness (Xu & Quaddus, 2013). Data accuracy determines the time taken to reach a
decision and its quality. When data is incorrect, the predictions deduced from the data are
likely to be wrong.
Information accuracy assessment uses hybrid techniques stemming from both
journalistic and social research methods moving along three primary stages: (1) selection of
facts/statements to check, (2) collection of evidence, and (3) decision. Generally, the fourth
stage is added, which is implemented right after the selection of facts/content to check the
accuracy of the information. These steps, which need to be carefully implemented, designate
a method having its epistemic rationale (Cheruiyot & Ferrer-Conill, 2018). The detailed and
primary output of the information accuracy assessment effort serves a double aim: (1) to
evaluate the validity of any given publicly articulated statement of information on issues of
public interest and (2) to educate the wider public (Amazeen, 2019; Amazeen, 2020), as
well as to promote its active involvement in the process of testing the accuracy of
information. It is also argued that fact-checking can reduce inaccurate claims, thus reducing
the dissemination of erroneous information in the public sphere (Amazeen, 2019; Amazeen,
2020).
Security of information
Cyber threats, unwanted surveillance, and the collection of personal information
without conforming to the DPA have put the right to privacy under threat. According to
Ramos (2019) and Tanate-Lazo & Cabonero (2021), to enhance security measures, a data
privacy manual and proposed guidelines on DPA compliance were developed, as well as the
designation of a Data Privacy Officer (DPO), while the rest of the organization's employees
and stakeholders will be subject to principles of transparency, proportionality and for a
legitimate purpose. Based on the findings of the study by Ramos (2019), this manual
contains data policies that should be reviewed annually and regularly updated. Moreover,
physical access to servers and network equipment is restricted to authorized personnel only;
this includes various security appliances and devices employed to safeguard the network
and its systems.
In the study of Fabito et al. and Presbitero and Ching (2018), organizations are
developing their Information Systems (IS) and updating their portal. ICT centers, handled
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
by highly skilled IT professionals from outside sources, were tapped to create and maintain
most of these IS.
Organizations were encouraged to conduct periodic auditing on compliance, which
must be continuously practiced through frequent monitoring of risks and by keeping all
stakeholders informed. This will be done by the proposed creation of a Data Privacy Office
with a DPO as the de facto head (Ramos, 2019).
Data privacy has become a significant issue, and making efforts and solutions to
introduce new kinds of technology and software is one of the solutions to protect and secure
information for both public and private sectors.
Effectiveness
Aridor et al. (2021) stated that the solid and effective means of privacy protection made
available by laws such as GDPR should help privacy-concerned consumers protect their
privacy by eliminating their digital footprints. Data privacy's effectiveness relates to
individuals' belief that the law would protect them from opportunism from firms.
Consumers expect government regulations to manage the collection, storage, and usage of
their personal information. In addition, individuals recognize the power of legal systems,
which the organizations will follow (Wang 2018).
Mostert et al.(2018) argued that within the context of data-intensive health research,
such a comprehensive data protection system should be considered to serve two functions
in particular. Firstly, the aim is to provide adequate overarching protection that secures the
rights and interests of individuals, regardless of whether the personal data processing is
grounded on consent or any other legal basis. After all, merely adhering to the principle of
lawfulness is never sufficient to respect the right to data protection. Secondly, such a data
protection system arranges for specific safeguards when necessary and proportional to
derogate from consent requirements or certain individual rights.
Efficiency
Complying with the DPA 2012 allowed agencies and companies to speed up the
development and upgrade of their information system. Organizations have employed IT
consultants to fast-track the development of the needed information system. Implementing
the law has allowed organizations to speed up the development and upgrade of their IS.
(Fabito et al. 2018).
With the continuous growth of technology, a set of security standards that enhance
individuals' control and rights over their data is imposed as a regulation for organizations.
Exercising the rights of data, even in the rapid development and evolution of technology,
can prevent the risk of data breach incidents and ensure information security.
Difference of the implementation of the Republic Act 10173 or the Data Privacy Act of 2012
when respondents are grouped according to profile
Lee et al. study investigated the relationship between demographic characteristics (Gender,
age, educational attainment, income level, marriage) and Information Privacy Concerns using large
samples to establish a better understanding of the relationships. Their study used data from the 2015
to 2017 Korean Media Panel Surveys provided by the Korea Information Society Development
Institute (KISDI).
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
These datasets helped understand the media environment and changes in individual and
family usage manners as the survey was administered to an identical sample for eight years from
2010 to 2017. The datasets were also valuable for longitudinal and cross-sectional studies requiring
a large sample size. The surveys are administered every year to approximately 10,000 respondents
from 5,000 families. This study used these samples as surveys containing the measure of IPC. The
dataset includes 10,172 respondents in 2014, 9873 in 2015, and 9788 in 2016. We selected
respondents who responded to the survey from 2014 to 2016. After excluding children younger than
ten, seniors older than 100, and respondents who could not answer because they did not engage in
online activities, 7809 respondents were included in the sample and analyzed. According to the
demographic attribute of the respondents, the percentage of respondents with no income was
relatively high (about 40%). Those with no income were distributed evenly across the ages, but
more than 95% were unemployed female respondents.
After marriage, the number of women concentrating on homemaking increases for reasons
such as childbirth and childcare. Students and elderly respondents who do not engage in economic
activity, including these women, belong to the no-income group.
Challenges encountered by the respondents in the Republic Act 10173 or the Data Privacy
Act of 2012
It was summed up that some Frontline Agencies are not compliant at all because of the
following concerns: first, the lack of awareness of said Act hampers them in complying; second,
they do not have the right people to focus on the matter, resources also forbid, and lastly, projects
and programs relative to this is mostly on low priority agenda (Pitogo, 2019).
Research revealed that students must know their colleges and universities' data collection,
maintenance, use, and disclosure practices. They need to be more cautious of institutions using their
information for non-educational purposes. Good privacy policies and procedures can only result in
general trust and apprehension if effectively communicated to students and communities.
Researchers recently reviewed privacy rules in US higher education and discovered that policy
language frequently needs to explain how institutions utilize data more appropriately. Therefore,
the methods used now make it necessary for students to comprehend the data practices of their
company and may restrict their capacity to interact with, modify, or refuse such practices. (Park &
Vance, 2021).
Data Privacy Act Implementation Plan
Organizations are becoming more mindful of the importance of enforcing privacy policies
to safeguard the personal information given to them by their customers, constituents, and
employees. This awareness led to increased privacy legislation in many countries and changed
perceptions of privacy among the general public. Hyman and Kovacic (2019) concluded that the
optimal strategy to enhance the Federal Trade Commission's (FTC) role, the U.S. equivalent to a
national privacy authority, is to eliminate gaps in its jurisdiction and expand its capacity to promote
cooperation among agencies with privacy portfolios. They further suggested another option to
create the latest independent privacy commission that the core would consist of privacy obligations
previously performed by the FTC.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Liu et al. (2021) have suggested that rather than seeing privacy issues as a hurdle, legislation
should aim to construct robust regulatory privacy protection mechanisms that promote innovation
and enhance open data initiatives and their dreams of data sharing. Lastly, they provide suggestions
for reform. They suggested making de-identification standards and adopting guidelines, clarifying
the Personal Data Protection Act's (PDPA) public interest exemption's meaning, and establishing
an opt-out mechanism as one of the essential reform first stages. Further, in drafting its open data
policy, Taiwan should do risk analyses before disclosing any data and monitor privacy protection
measures during any available data effort, starting at the very beginning. Moreover, a privacy office
or advisory group can also give expert advice and create reasonable rules.
Breaux and Jo (2014) affirmed that a strong security position and implementation of a
comprehensive privacy and data security plan is the most effective measure companies can employ
to mitigate the high costs of remediating a data breach. Understanding the sort of data being
gathered and the restrictions imposed by applicable laws, regulations, and other corporate
compliance standards is a crucial first step. Following are the suggestions to create an adequate
privacy, compliance, and data protection plan:
● Identify the types of information gathered and processed
● Survey the Legal and Regulatory Landscape
● Gather and examine Internal Policies
● Create the information Security Team and Evaluate the risks
● Design and implement solutions
Synthesis
Based on the discussion, organizations are still experiencing problems concerning the
understanding of data privacy and focusing on increasing the awareness for the protection of an
individual, which, in effect, will educate the data subjects by making them less vulnerable to data
privacy abuses. The DPA 2012 is vital in safeguarding individuals concerned about their privacy. In
addition, a review of each organization's compliance, development of secured IS, creation of a Data
Privacy Office, creation of a Privacy Management Program, appointment of DPO, and assistance
from the NPC are the keys to managing the misconception about DPA 2012.
C. Conceptual Framework
This study's conceptual framework is intended to highlight the significant difference between
the demographic profile of the respondents and their assessment of the level of implementation of
the Republic Act No. 10173, commonly known as the Data Privacy Act of 2012, within the context
of the Albay Electric Cooperative (ALECO) as shown in Figure 2.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Figure 2. Conceptual Framework
Figure 2 presents the conceptual framework of the study designed to investigate whether there
is a significant difference in the assessment of the level of implementation of the Republic Act No.
10173, also known as the Data Privacy Act of 2012, within the Albay Electric Cooperative
(ALECO) when respondents are grouped according to their demographic profiles.
Predictor Variable: The predictor variable, in this context, refers to the demographic profile
of the respondents. These demographic variables include age, Gender, educational attainment,
ALECO franchise area (municipality), and length of residency. These characteristics that researchers
suspect may influence how respondents assess the level of implementation of data privacy
regulations.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Outcome Variable: The outcome variable represents the assessment of the level of
implementation of the Republic Act No. 10173 (Data Privacy Act 2012) within ALECO. This
variable reflects how respondents perceive the awareness, accuracy of information, information
security, implementation, effectiveness, and efficiency of data privacy measures within ALECO, as
well as the challenges encountered by respondents.
D. Statement of the Problem
The primary objective of this study is to analyze the effectiveness of implementing Republic
Act 10173 or DPA 2012 in the Albay Electric Cooperative (ALECO).
Specifically, this study pursued to answer the following questions:
1. What is the demographic profile of the respondents in terms of:
1.1. Age
1.2. Gender
1.3. Educational Attainment
1.4. ALECO Franchise Area (Municipality)
1.5. Length of Residency
2. How do the respondents assess the Republic Act No. 10173 or the Data Privacy Act 2012
in the Albay Electric Cooperative (ALECO) in terms of:
2.1. Awareness
2.2. Accuracy of information
2.3. Security information
2.4. Effectiveness
2.5. Efficiency
3. Is there a significant difference in the respondents' assessment of the implementation of the
Republic Act No. 10173 or the Data Privacy Act 2012 when grouped according to their
profile?
4. What challenges do the respondents encounter in the Republic Act No. 10173 or the Data
Privacy Act 2012?
5. Based on the study's findings, what Data Privacy Act of 2012 implementation plan may be
proposed?
Null hypothesis: There is no significant difference in the respondents' assessment of the
implementation of the Republic Act No. 10173 or the Data Privacy Act 2012 when grouped
according to their profile.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
E. Significance of the Study
Protecting personal information has become a top priority for individuals and enterprises in
an era of fast technology breakthroughs and growing data privacy concerns. The present study
delves into the assessment of data privacy implementation within the Albay Electric Cooperative
(ALECO), specifically focusing on the Republic Act No. 10173, also known as the Data Privacy
Act of 2012. This study sheds light on the significance of the research and the potential benefits it
can offer various stakeholders. Results may be of utmost importance to the following beneficiaries:
Consumers: ALECO's consumer base stands to benefit from improved data privacy practices.
As consumers, they entrust their personal information to the cooperative, and a better understanding
of data privacy can empower them with the knowledge to protect their privacy rights.
ALECO: The cooperative can benefit by identifying areas for improvement in data privacy
implementation. Enhanced data protection can bolster consumer trust and demonstrate ALECO's
commitment to safeguarding sensitive information.
Regulatory Authorities: Regulatory bodies responsible for overseeing data privacy
compliance can use the research findings to assess the state of data privacy within utility
cooperatives and tailor regulatory measures accordingly.
F. Scope and Delimitation
This research adopts a mixed method to provide a comprehensive analysis of data privacy
within ALECO; certain limitations are acknowledged. The study's scope is confined to ALECO
members within the selected geographic area, and findings may only be generalized within this
context. Additionally, resource constraints may limit the size of the sample and the depth of data
collection. External factors, such as broader economic or political conditions, are beyond the scope
of this study. Finally, language considerations may restrict the inclusion of non-native speakers in
the research.
G. Definition of terms
For a better understanding of the study, the following terms were operationally and
conceptually defined:
Accuracy of Information
This term refers to the quality of information disclosed being true or correct, even in small
details.
Awareness
This term refers to a state of being conscious of the constituents and respondents about
DPA. Specifically, it is the ability (of the constituents and respondents) to know and perceive the
DPA directly.
Collection of Information
The act of collecting or disclosing information, to the information to be collected or
disclosed, to a plan and/or an instrument calling for the collection or disclosure of information,
or any of these, as appropriate.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Data Privacy
Governing how data is collected, shared, and used.
Data Privacy Officer
Person accountable for ensuring compliance with applicable laws and regulations for the
protection of data privacy and security.
Data Security
Safeguarding information from both internal and external attackers.
Data Subject
Refers to an individual whose personal information is processed.
Demographic Profile
This term refers to the description of a particular type of respondent that answers the survey
questionnaire of this research study.
Effectiveness
This term refers to the degree to which implementation of DPA is produced and produces
a desired result.
Efficiency
This term refers to the efficiency quality measured by comparing DPA with the impact on
the constituents.
Implementation
The strategy, procedure, design, idea, model, specification, standard, or policy for
implementing the DPA, as well as its execution or application.
Personal Information
Refers to any information, whether or not it is recorded in a material form, that, when
combined with other information, would unquestionably and directly identify a specific person or
which the person in possession of the information can reasonably and immediately infer the
identification of a specific individual from.
Processing
Refers to an action or series of actions taken about personal data, such as gathering, logging,
organizing, storing, updating, or changing data, retrieving, consulting, using, combining, erasing,
or destroying it.
Respondents
This term refers to the different individuals who are going to answer or provide data by
answering the survey form or questionnaires to be analyzed for this research study.
Sensitive Information
Any personal data or information that could potentially cause harm, damage,
embarrassment, or discrimination to an individual if it's disclosed, accessed, or used without
authorization.
RESEARCH METHODOLOGY
This chapter presents the research design of the study regarding the assessment of the
implementation of RA 10173 at ALECO. The data collection method, selection of research
population and research locale, and the data analysis to be used are presented as well.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
A. Research Design
This research endeavor is a quantitative study and utilizes a descriptive research design.
Since this paper delves into the assessment of the implementation of the Data Privacy Act of 2012
by ALECO management, the quantitative method is regarded as appropriate since it emphasizes
a value-free nature of the inquiry. According to Portus (2018), quantitative research is relevant to
studies that generate inferences on a process or a phenomenon using quantifiable measurements
of the characteristics of various stakeholders or factors involved. Descriptive research design, as
stated by Trinidad (2020), aims to identify characteristics, frequencies, trends, and categories. In
this study, descriptive design was used to investigate and systematically describe the capacity of
ALECO on the implementation of RA 10173 activities as perceived by its consumers and
employees.
Hence, descriptive research design helped the researchers obtain meaningful and
substantial data and responses, especially in identifying the level of awareness, accuracy of
information, security of data or information, implementation, effectiveness, and efficiency
rendered to the respondents, and the good practices and challenges of ALECO.
B. Population and Sampling Respondents of the Study
The 250 respondents of this study were those member-consumer-owners and the staff of
ALECO management. Specifically, the researchers used a simple random sampling technique to
identify respondents. Random sampling is a technique in which each sample has an equal
probability of being chosen; a sample to be chosen is meant to be an unbiased representation of
the total population. The researcher used Slovin's formula to determine the sample size, with an
acceptable 5% margin of error and 95% confidence level.
This ensures that the respondents will have an unbiased judgment or any point of
comparison regarding the implementation of the Data Privacy Act in ALECO. Research ethical
standards were followed to protect the identity and personal data of the respondents.
C. Research instrument
The researchers utilized a survey questionnaire to identify the level of implementation of
ALECO on the Data Privacy Act of 2012. The survey questionnaire was previously used by
researchers who researched the Implementation of the Freedom of Information Act in the
Municipality of Midsayap. It is a constructed survey questionnaire; hence, the instrument
underwent validation. The instrument's content was validated after the researchers conducted a
pilot testing on selected offices in ALECO that do not include the locale of this research study.
After conducting pilot testing, the researchers modified the questionnaire's content.
The data instrument for the respondents is characterized in the form of a scale. It is composed
of the categories identified as Highly Implemented (HI) (4) with the value of 3.01-4, Implemented
(I) (3) with the value of 2.01-3, Moderately Implemented (MI) (2) with the value of 1.01-2, Not
Implemented (NI) (1) with the value of 0.01-1. This scale aided researchers in analyzing the
information gathered.
The survey questionnaire is composed of two (2) parts of the questionnaire.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
In the first part, the researchers provided a set of questionnaires to determine the demographic
profile of selected local residents and employees of ALECO in terms of name (optional), age,
civil status, gender, educational attainment, ALECO franchise area, and length of residency.
In the second part, the researchers provided a set of statements referring to the consumers'
awareness of the communication, procedures, and processing of information made by ALECO. It
encompasses the accuracy of documents released by authorized personnel of ALECO, the
correctness of documents released congruent to the requested file, and the release of the documents
to the appropriate requestee. This also includes the satisfaction of ALECO consumers with the
transparency and transactions, as well as the correctness of documents released by the ALECO
staff and management. Further, the identification of challenges encountered by respondents was
also included.
D. Research Ethics Protocol
Due to the nature of this study, Free Prior Informed Consent (FPIC) was needed from each
respondent before the data gathering commenced. FPIC is one of the most important principles the
respondents believe can protect their right to participation; this is also mandated under the Data
Privacy Act of 2012. The researchers were able to secure permission from the Acting General
Manager of ALECO before the dissemination of the research instrument via a Google form.
Disclosure of any information to third parties is forbidden unless the researchers and the participants
grant permission. All information was kept with anonymity and confidentiality.
E. Data Gathering Procedure
Initially, the researchers sought the approval of the ALECO. After the approval, the
researchers, with the assistance of ALECO, distributed the research instrument via a Google form.
Research Ethics Protocol was also presented to the respondents. To test the validity of the questions,
the researchers conducted pilot testing of the research questionnaire. After pre-testing, the
researchers collected the data and analyzed the results. Based on these initially collected data, the
researchers made necessary revisions or adjustments to consider the respondents' feedback. The
researchers determine and check the revised research instrument for data gathering.
In the formal data collection, the researchers collected 250 responses. Immediately after
tallying the results, the researchers organized and analyzed the data in preparation for the discussion
and interpretation of the research results.
F. Statistical Treatment of Data
This section presents how the data were analyzed to answer the research questions in this
research study.
The quantitative analysis allows the researchers to determine the level of implementation of
RA 10173 or the Data Privacy Act of 2012, made by the ALECO.
Specifically, the research study will use the following: Frequency Distribution, Percentage
Distribution, Weighted Mean, and Single Factor ANOVA.
Frequency Distribution. The frequency distribution is a tabulation/graphic representation of
the number of people in each category on a measuring scale (Manikandan, 2011). It is an organized
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
tabulation showing exactly how many individuals are in each category on the measurement scale.
A frequency distribution presents an organized picture of the entire set of scores, showing where
each individual is located relative to others in the distribution. Hence, this method will represent the
distribution of this study's observations on the data gathered to assess the respondents' responses.
Percentage Distribution. This method is a type of data display that shows the number of
observations for each data point or collection of data points (Lavrakas, 2008). Hence, this tool
will express the relative frequency of survey replies and other data gathered on the respondent's
responses.
Weighted Mean. The weighted mean is derived by multiplying the weight or probability
associated with a particular event or outcome by the related quantitative outcome and then adding
the results (Mesiar & Špirková, 2006). This method comes in handy when estimating a
theoretically expected event with various probabilities of occurring. As a basis, the average value
(mean value) of the respondent's responses to the assertions presented in the instrument was used.
The average of the respondents' responses in each statement or category will then be calculated
using the mean value.
Single Factor ANOVA. One factor analysis of variance (Scedecor and Cochran, 1989) is
a special case of analysis of variance (ANOVA), for one factor of interest, and a generalization
of two-sample t-test. The two-sample t-test is used to decide whether two groups (levels) of a
factor have the same mean. One-way analysis of variance generalizes this to levels where k, the
number levels, is greater than or equal to 2.
RESULTS
A. Presentation and Analysis of Data
This chapter presents the data analysis, and interpretation of data.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Demographic Profile
Age Distribution
Age Distribution of Respondents
46 y/o and above18-25 y/o
26
30
41-45 y/o
30
26-30 y/o
52
36-40 y/o
44
31-35 y/o
68
18-25 y/o
26-30 y/o
31-35 y/o
36-40 y/o
41-45 y/o
46 y/o and above
Figure 3. Graphical presentation of the Respondents in terms of Age
Figure 3 shows the age distribution of the respondents. As indicated in the graph, the highest
number of responses came from the age group of 31-35 years old. This comprises 27.2% or 68 of
the 250 total respondents. It was followed by the age group of 26-30 years old, covering 52
respondents or 20.8% of the research respondents. The youngest age group tallied 30 responses,
equivalent to 12% of the respondents. Meanwhile, the lowest number of responses came from the
age bracket of 46 years old and above, with 10.4% or 26 responses out of 250 respondents.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Gender Distribution
Gender Distribution of the Respondents
29%
71%
Female
Male
Figure 4. Graphical presentation of the Respondents in terms of Gender
Figure 4 presents the gender distribution of the respondents. Most responses came from the
female population, comprising 70.8% or 177 out of 250 respondents. On the other hand, 29.2%
came from the population of male respondents, with a total of 73 out of 250 responses.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Educational Attainment
Educational Attainment
21%
16%
Elementary
High School
26%
College
Others
37%
Figure 5. Graphical presentation of the Respondents in terms of Educational Attainment
Figure 5 presents the highest educational attainment of the respondents. Significantly, 37.2%,
equivalent to 93 actual number of respondents, were found to have a tertiary level of education.
This was followed by the population of respondents who have finished High School education,
comprising 26% of the total responses, with an actual number of 64 individuals. There were 52
respondents, or 21%, who had finished vocational courses [others], whereas 41 out of 250
respondents were found to have finished elementary education.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
ALECO Franchise Area
ALECO Franchise Area (Municipality)
Tiwi, 2%
Tabaco, 2.4%
Santo Domingo, 2%
Rapu-rapu, 0.8%
Polangui, 5%
Pio Duran, 0.4%
Oas, 0.4%
Manito, 0.8%
Malinao, 3.6%
Malilipot, 0.8%
Ligao, 1.6%
Libon, 5.6%
Legazpi City, 42.8%
Jovellar, 3.2%
Guinobatan, 4.4%
Daraga, 16.4%
Bacacay, 1.2%
Camalig, 6.8%
Legazpi City
Bacacay
Camalig
Daraga
Guinobatan
Jovellar
Libon
Ligao
Malilipot
Malinao
Manito
Oas
Pio Duran
Polangui
Rapu-rapu
Santo Domingo
Tabaco
Tiwi
Figure 6. Graphical presentation of the Respondents in terms of ALECO Franchise Area.
As depicted in Figure 6, the survey results indicate that the largest group of respondents,
107 individuals, or 42.8% of the total respondents, are from Legazpi City, which stands out as the
most densely populated area among the survey participants. Additionally, 41 respondents,
constituting 16.4%, hail from Daraga, 17 respondents (6.8%) are from Camalig, 14 respondents
(5.6%) reside in Libon, and 12 respondents (4.8%) are located in Polangui. Furthermore, the survey
reveals that 11 respondents (4.4%) come from Guinobatan, 9 respondents (3.6%) are situated in
Malinao, and 8 respondents (3.3%) are from Jovellar. Tabaco is home to 6 respondents (2.4%),
while Santo Domingo and Tiwi each have 5 respondents, amounting to 2% of the total respondents.
Ligao accounts for 4 respondents (1.6%), Bacacay has 3 respondents (1.2%), and Malilipot, Manito,
and Rapu-rapu each have 2 respondents (0.8%). Finally, Oas and Pio Duran both have 1 respondent,
each representing 0.4% of the total.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Length of Residency
LENGTH OF RESIDENCY
Less than 1 year
1-5 years
6-10 years
11-15 years
0%4%
16-20 years
21 years and above
9%
35%
24%
28%
Figure 7. Graphical presentation of the Respondents in terms of Length of Residency
Figure 7 shows the duration of residency of the member-owner-consumers of ALECO.
Primarily, it was found that most of the respondents were residents of Albay for 21 years and above.
These 87 respondents comprise 35% of the total number of participants in the study. It was followed
by the population with 16-20 years of residency, comprising 28% or 71 actual number of
respondents. Consequently, 59 respondents said that they were residents of Albay for 11-15 years
already. On the other hand, it was reported that none of the respondents had less than a year of
residency in Albay, hence as a consumer of ALECO.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Republic Act No. 10173 or the Data Privacy Act 2012 in the Albay Electric Cooperative
Table 1
Respondents assessed the Data Privacy Act 2012 in ALECO in terms of awareness
Table 1 represents a survey or assessment of ALECO's information handling practices
regarding awareness, frequency, percentage, and weighted mean scores. ALECO is evaluated on
three different aspects of its information management: adherence to proper procedures, use of
appropriate forms, and communication through appropriate channels. In the first aspect,
"Adherence to proper procedure of providing documents and information," ALECO received
moderate ratings, with the highest percentage (37.2%) falling in the "Moderate" category,
indicating that there is room for improvement in this area. The weighted mean score of 2.452
suggests a fair but not outstanding performance. In the second aspect, "Use of appropriate form/s
in the processing of information," ALECO received relatively higher ratings, particularly in the
"High" category, with a weighted mean score of 2.872. This indicates that ALECO is doing well in
this area, using appropriate forms for processing information. In the third aspect, "Communication
only in appropriate channels in the processing of information," ALECO received high ratings, with
48.8% falling in the "High" category. The weighted mean score of 3.148 suggests that ALECO
excels in this area, indicating that they effectively communicate information through the proper
channels.
Overall, ALECO has some strengths in its information management practices, particularly in
using appropriate forms and communication through the proper channels. However, there is room
for improvement in adhering to proper procedures for providing documents and information.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Table 2
Respondents assessed the Data Privacy Act 2012 in ALECO in terms of accuracy
Table 2 shows a quantitative assessment of ALECO's performance in ensuring the accuracy
of information provided to the public. ALECO is evaluated on three aspects: the appropriateness
of the process in document and information requests, releasing the correct records as requested, and
delivering accurate documents as indicated in the request form. The data is categorized into three
levels: High (HI), Intermediate (I), and Minimal (MI) compliance.
The findings indicate that ALECO is most successful in releasing the right records as
requested, with 97 responses falling under the High compliance category, accounting for 38.8% of
the total. On the other hand, the lowest-rated aspect is ensuring the public receives accurate
documents or information, with 63 responses categorized as Medium compliance (25.2% of the
total). This suggests that ALECO may need to focus more on improving the accuracy of information
delivery to better serve the public's needs. Overall, the weighted mean scores show that ALECO's
performance is above 3 in all three aspects, indicating a generally good level of service in these
areas. However, there is still room for improvement, particularly in ensuring the accuracy of
delivered documents and information.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Table 3
Respondents assessed the Data Privacy Act 2012 in ALECO in terms of security of information
Frequency
SECURITY OF
INFORMATION
ALECO assigned a point
person or staff in handling or
safe-keeping
of
the
maintained records and
information.
ALECO provides copy of
the requested documents
and safely keep it for
security
and
reference
purposes.
ALECO ensures that the
public will use the document
solely for the purposes
indicated in the request.
H
I
I
M
I
5
7
9
0
1
0
3
9
7
1
0
0
5
3
4
9
1
2
3
7
8
Percentage (%)
N
I
0
0
0
TO
TA
L
H
I
I
M
I
N
I
Weig
hted
Mean
(wx̄)
250
2
2
8
2
7
0
2
0
6
0
2.816
250
3
8
8
3
0
0
1
0
6
0
3.176
250
1
9
6
3
6
9
1
5
6
0
2.884
**Not Implemented (NI) 0.01-1 ; Moderately Implemented (MI) 1.01-2 ; Implemented (I) 2.01-3 ;
Highly Implemented (HI) 3.01-4
The data presented in Table 3 illustrates the security of information practices at ALECO,
categorized into three aspects: Handling and Safeguarding records, providing copies of requested
documents, and ensuring proper use of documents. In the first aspect, which concerns assigning a
point person for record maintenance, ALECO demonstrates a moderate level of performance, with
a weighted mean score of 2.816. This suggests room for improvement in designating a responsible
party to safeguard records. In the second aspect, providing copies of requested documents and
securely storing them, ALECO performs better, with a weighted mean score of 3.176. This indicates
that the organization has robust procedures in place for document sharing and retention. Finally, in
the third aspect of ensuring proper use of documents, ALECO achieves a moderate score of 2.884.
This suggests that while there are policies regulating document usage, there is room for
enhancement in guaranteeing their appropriate and exclusive use.
ALECO shows a varying level of performance across the three aspects of information
security. There is an opportunity for improvement in assigning a dedicated individual for recordkeeping and ensuring documents are solely used for their intended purposes. On the other hand, the
organization excels in providing and securely storing requested documents, reflecting solid
procedures in place for document management and security. To enhance overall information
security, ALECO should consider strengthening its practices where performance is moderate and
building upon its strengths in document sharing and storage.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Table 4
Respondents assessed the Data Privacy Act 2012 in ALECO in terms of effectiveness
frequency
EFFECTIVENESS
DPA 2012 leads to the awareness
of
constituents
of
the
transparency
of
ALECO
transactions
The requester was satisfied with
the documents requested
The requester is aware of the
legal purpose of the documents
requested from ALECO
H
I
3
9
1
1
2
1
0
8
I
4
1
1
0
5
9
3
M
I
N
I
Weig
hted
Mean
(wx̄)
2
2
8
5
6
2.252
6
6
0
3.316
9
8
0
3.236
Percentage (%)
M
I
N
I
TOT
AL
1
1
4
5
6
250
3
3
0
250
4
9
0
250
H
I
I
1
5
6
4
4
8
4
3
2
1
2
3
3
1
5
2
7
9
**Not Implemented (NI) 0.01-1 ; Moderately Implemented (MI) 1.01-2 ; Implemented (I) 2.01-3 ;
Highly Implemented (HI) 3.01-4
The data presented in Table 4 reflects the effectiveness of DPA 2012 in achieving various
objectives related to ALECO transactions. DPA 2012 has had a mixed impact on different aspects.
Firstly, regarding raising awareness about the transparency of ALECO transactions among
constituents, the data shows that it has been somewhat effective, with a weighted mean (wx̄) of
2.252. This suggests that while there is some progress in this area, there is room for improvement.
On the other hand, the data indicates a higher level of satisfaction among requesters with the
documents they have requested from ALECO, with a significantly higher weighted mean of 3.316.
This suggests that DPA 2012 has been more successful in meeting the requester's satisfaction
regarding the documents they receive. Additionally, requesters also have a good understanding of
the legal purpose of the documents requested, as indicated by a weighted mean of 3.236.
Table 5
Respondents assessed the Data Privacy Act 2012 in ALECO in terms of efficiency
Frequency
EFFICIENCY
ALECO follows the process
of properly releasing of
documents to the requester
ALECO timely released the
requested documents
ALECO
ensures
the
documents are released only
by an authorized personnel
H
I
8
6
1
0
1
5
9
I
1
2
1
1
0
7
1
0
3
Percentage (%)
M
I
N
I
TO
TA
L
4
3
0
250
2
3
1
9
250
8
2
6
250
H
I
3
4
4
4
0
4
2
3
6
I
3
6
3
3
2
1
3
0
9
M
I
N
I
Weig
hted
Mean
(wx̄)
8
6
0
3.172
1
9
3.16
6
2.86
4
6
1
6
4
**Not Implemented (NI) 0.01-1 ; Moderately Implemented (MI) 1.01-2 ; Implemented (I) 2.01-3 ;
Highly Implemented (HI) 3.01-4
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
The data provided in Table 5 represents an evaluation of ALECO's document release process
based on three specific criteria: efficiency, frequency, and the percentage of compliance within
different categories (High (HI), Intermediate (MI), and No Compliance (NI)). Regarding efficiency,
the weighted mean score (wx̄) for ALECO's process of properly releasing documents to the
requester is 3.172, indicating a relatively high-efficiency level.
ALECO is observed to have a balanced distribution across the HI, MI, and NI categories,
with a total of 250 evaluations. The most frequent category for timely document release is in the
HI group, with 101 instances, while the NI category had the least frequent occurrences. The
weighted mean score for this category is 3.16, suggesting a reasonably consistent performance.
However, to ensure documents are released only by authorized personnel, ALECO faces challenges
as the distribution is skewed towards the MI and NI categories, with a weighted mean score of 2.86,
implying room for improvement in this aspect. To enhance overall performance, ALECO may need
to focus on strengthening the control and authorization processes related to document release.
Test of Significant difference in the respondents’ assessment of the implementation of the
Republic Act 10173 or the Data Privacy Act of 2012 when grouped according to profile
Table 6
Test of Significant difference in the respondents' assessment when grouped according to age
Awareness
Accuracy of
Information
Security
Effectiveness
N
Mean
Std.
Deviation
pvalue
decision
Interpretati
on at .05
18 - 25 years old
30
3.0000
.46321
.133
Accept Ho
26 - 30 years old
52
2.7628
.58050
Not
Significant
31 - 35 years old
68
2.7549
.62193
36 - 40 years old
44
2.9015
.55022
.638
Accept Ho
Not
Significant
.005
Reject Ho
Significant
.007
Reject Ho
Significant
41 - 45 years old
30
2.9556
.53055
46 years old and above
26
2.6538
.64278
Total
250
2.8253
.58019
18 - 25 years old
26 - 30 years old
30
52
3.0556
3.1987
.54021
.46797
31 - 35 years old
68
3.0931
.47086
36 - 40 years old
44
3.0606
.51975
41 - 45 years old
30
3.2000
.49981
46 years old and above
26
3.1282
.53397
Total
250
3.1213
.49625
18 - 25 years old
30
3.0778
.60447
26 - 30 years old
52
2.9872
.63301
31 - 35 years old
68
2.9755
.74272
36 - 40 years old
44
3.0909
.68714
41 - 45 years old
30
2.4889
.70430
46 years old and above
26
3.0385
.71384
Total
250
2.9587
.70415
18 - 25 years old
30
2.9556
.79622
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Efficiency
26 - 30 years old
52
2.9808
.76244
31 - 35 years old
68
3.0049
.80934
36 - 40 years old
44
3.0985
.71013
41 - 45 years old
30
2.4333
.57502
46 years old and above
26
2.9359
.74248
Total
250
2.9347
.76614
18 - 25 years old
30
3.1333
.69811
26 - 30 years old
31 - 35 years old
52
68
3.1154
3.0490
.69822
.81296
36 - 40 years old
44
3.1136
.73644
41 - 45 years old
30
2.7556
.59970
46 years old and above
26
3.1795
.87041
Total
250
3.0627
.74869
.267
Accept Ho
Not
Significant
Table 6 presents the significant difference in the respondents' assessment of the
implementation of the Republic Act No. 10173 or the Data Privacy Act 2012 when grouped
according to age.
Results revealed that security and effectiveness are significant to age. With the p-values of .005
for security and .007 for effectiveness. Thus, the null hypothesis is rejected therefore there is a
significant difference in security and effectiveness when grouped by age. Other variables such as
awareness, accuracy of the information, and efficiency are not statistically significant to age.
Table 7
Test of Significant difference in the respondents' assessment when grouped according to gender
N
Awareness
Accuracy of
Information
Security
Effectiveness
Efficiency
Female
Mean
Std.
Deviation
177
2.8267
.56641
Male
73
2.8219
.61635
Total
250
2.8253
.58019
Female
Male
177
73
3.1318
3.0959
.49640
.49839
Total
250
3.1213
.49625
Female
Male
177
73
2.9096
3.0776
.69221
.72333
Total
250
2.9587
.70415
Female
Male
177
73
2.8738
3.0822
.73925
.81419
Total
250
2.9347
.76614
Female
Male
177
73
3.0339
3.1324
.71340
.82914
Total
250
3.0627
.74869
p-value
Decision
Interpretation at
.05
.952
Accept Ho
Not Significant
.604
Accept Ho
Not Significant
Accept Ho
Not Significant
.050
Accept Ho
Not Significant
.345
Accept Ho
Not Significant
.086
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Table 7 presents the significant difference in the respondents' assessment of the
implementation of the Republic Act No. 10173 or the Data Privacy Act 2012 when grouped
according to gender.
Results revealed that all the variables are not statistically significant to gender. With the
p-values greater than .05 which means that null hypotheses are accepted thus, there is no
significant difference on the respondents' assessment of the implementation of the Republic Act
No. 10173 or the Data Privacy Act 2012 when grouped according to gender.
Table 8
Test of Significant difference in the respondents' assessment when grouped according to
educational attainment
N
Mean
College
Elementary
93
41
2.9140
2.7886
.58339
.60441
Highschool
64
2.7552
.56731
Other
Total
52
250
2.7821
2.8253
.56740
.58019
College
Elementary
Highschool
93
41
64
3.1864
3.0813
3.0885
.50710
.47598
.48338
Other
52
3.0769
.50967
Total
College
Elementary
250
93
41
3.1213
2.9319
3.1382
.49625
.66040
.81300
Highschool
Other
64
52
2.9323
2.8974
.73025
.65192
Total
College
Elementary
250
93
41
2.9587
2.9391
3.0325
.70415
.71212
.93335
Highschool
Other
64
52
2.8490
2.9551
.81418
.65689
Total
250
2.9347
.76614
College
Elementary
93
41
3.0717
3.1301
.68604
.90945
Highschool
64
2.9792
.80535
Other
Total
52
250
3.0962
3.0627
.65125
.74869
Std.
Deviation
.314
.467
.352
.382
.744
p-value
decision
Accept Ho
Not
Significant
Accept Ho
Not
Significant
Accept Ho
Not
Significant
Accept Ho
Not
Significant
Accept Ho
Not
Significant
Interpretatio
n at .05
Table 8 presents the significant difference in the respondents' assessment of the
implementation of the Republic Act No. 10173 or the Data Privacy Act 2012 when grouped
according to educational attainment.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Results revealed that all the variables are not statistically significant to educational attainment.
With the p-values greater than .05 which means that null hypotheses are accepted, there is no
significant difference in the respondents' assessment of the implementation of the Republic Act
No. 10173 or the Data Privacy Act 2012 when grouped according to educational attainment.
Table 9
Test of Significant difference in the respondents' assessment when grouped according to ALECO
Franchise Area
Awa
rene
ss
Acc
urac
y of
Infor
mati
on
N
Mean
Std.
Deviation
p-value
decision
Interpretation
at .05
Libon
14
2.8810
.54861
.917
Accept Ho
Not Significant
Tiwi
5
2.7333
.68313
Bacacay
2
2.6667
.94281
Camalig
18
2.8333
.59683
Daraga
41
2.8049
.63673
Guinobata
n
Jovellar
11
2.9091
.66818
8
2.7917
.64087
Legazpi
City
Ligao
107
2.8567
.58656
4
3.0833
.16667
Malilipot
11
2.6970
.60470
Malinao
2
2.8333
.70711
Oas
1
2.6667
.00000
Pio Duran
1
3.0000
.00000
Polangui
12
2.5278
.45965
Rapu-rapu
2
3.1667
.23570
Santo
Domingo
Tabaco
5
3.0000
.23570
6
2.6667
.59628
Total
250
2.8253
.58019
Libon
14
3.3095
.42294
.865
Accept Ho
Not Significant
Tiwi
5
3.3333
.40825
Bacacay
2
3.1667
.23570
Camalig
18
3.0741
.57798
Daraga
41
3.2195
.54574
Guinobata
n
Jovellar
11
3.2121
.61955
8
2.9583
.37533
Legazpi
City
Ligao
107
3.0841
.47383
4
3.0833
.56928
Malilipot
11
2.9697
.54680
Malinao
2
3.0000
.47140
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Secu
rity
Effe
ctive
ness
Oas
1
3.6667
.00000
Pio Duran
1
2.6667
.00000
Polangui
12
3.1389
.50168
Rapu-rapu
2
3.1667
.70711
Santo
Domingo
Tabaco
5
3.0000
.52705
6
3.0556
.44305
Total
250
3.1213
.49625
Libon
14
4.0000
.00000
Tiwi
5
4.0000
.00000
Bacacay
2
4.0000
.00000
Camalig
18
4.0000
.00000
Daraga
41
3.5610
.28323
Guinobata
n
Jovellar
11
3.3333
.00000
8
3.2500
.15430
Legazpi
City
Ligao
107
2.6822
.33765
4
2.0000
.00000
Malilipot
11
2.0000
.00000
Malinao
2
2.0000
.00000
Oas
1
2.0000
.00000
Pio Duran
1
2.0000
.00000
Polangui
12
2.0000
.00000
Rapu-rapu
2
2.0000
.00000
Santo
Domingo
Tabaco
5
2.0000
.00000
6
2.0000
.00000
Total
250
2.9587
.70415
Libon
14
4.0000
.00000
Tiwi
5
4.0000
.00000
Bacacay
2
4.0000
.00000
Camalig
18
4.0000
.00000
Daraga
41
3.6667
.00000
Guinobata
n
Jovellar
11
3.3333
.00000
8
3.3333
.00000
Legazpi
City
Ligao
107
2.6822
.26455
4
2.0000
.00000
Malilipot
11
1.8788
.16817
Malinao
2
1.6667
.00000
Oas
1
1.6667
.00000
<.001
Reject Ho
Significant
<.001
Reject Ho
Significant
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Effic
ienc
y
Pio Duran
1
1.6667
.00000
Polangui
12
1.6667
.00000
Rapu-rapu
2
1.6667
.00000
Santo
Domingo
Tabaco
5
1.6667
.00000
6
1.6667
.00000
Total
250
2.9347
.76614
Libon
14
4.0000
.00000
Tiwi
5
4.0000
.00000
Bacacay
2
4.0000
.00000
Camalig
18
4.0000
.00000
Daraga
41
3.8293
.16869
Guinobata
n
Jovellar
11
3.5152
.17408
8
3.3333
.00000
Legazpi
City
Ligao
107
2.8660
.17650
4
2.1667
.19245
Malilipot
11
2.0000
.00000
Malinao
2
2.0000
.00000
Oas
1
2.0000
.00000
Pio Duran
1
2.0000
.00000
Polangui
12
1.8333
.17408
Rapu-rapu
2
1.6667
.00000
Santo
Domingo
Tabaco
5
1.6000
.14907
6
1.4444
.27217
Total
250
3.0627
.74869
<.001
Reject Ho
Significant
Table 9 presents the significant difference in the respondents' assessment of the
implementation of the Republic Act No. 10173 or the Data Privacy Act 2012 when grouped
according to ALECO franchise Area.
Results revealed that security, effectiveness and efficiency are significant to ALECO
franchise Area. With the p-values of <.001 for security, effectiveness and efficiency. Thus, the
null hypothesis is rejected therefore there is a significant difference on security, effectiveness and
efficiency when grouped to ALECO franchise Area. Other variables such as awareness and
accuracy of the information, are not statistically significant to length of residency.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Table 10
Test of Significant difference in the respondents' assessment when grouped according to length
of residency
Awareness
Accuracy of
Information
Security
Effectiveness
Efficiency
N
Mean
Std.
Deviation
pvalue
11 - 15 years
59
2.7966
.62212
.606
16 - 20 years
71
2.8920
.61663
21 years and
above
6 - 10 years
87
2.8314
.55655
22
2.6667
.48250
Less than 1 year
11
2.8182
.47990
Total
250
2.8253
.58019
11 - 15 years
59
3.2260
.48912
16 - 20 years
71
3.0986
.53569
21 years and
above
6 - 10 years
87
3.0843
.47745
22
3.1061
.47572
Less than 1 year
11
3.0303
.45837
Total
250
3.1213
.49625
11 - 15 years
59
3.9322
.16117
16 - 20 years
71
3.1784
.16744
21 years and
above
6 - 10 years
87
2.4828
.35129
22
2.0000
.00000
Less than 1 year
11
2.0000
.00000
Total
250
2.9587
.70415
11 - 15 years
59
3.8870
.15914
16 - 20 years
71
3.2441
.38197
21 years and
above
6 - 10 years
87
2.5172
.26295
22
1.6667
.00000
Less than 1 year
11
1.6667
.00000
Total
250
2.9347
.76614
11 - 15 years
59
4.0000
.00000
16 - 20 years
71
3.3239
.29799
21 years and
above
6 - 10 years
87
2.7088
.29555
22
1.8788
.16412
Less than 1 year
11
1.5152
.22918
Total
250
3.0627
.74869
Decision
Interpretation
at .05
Accept Ho
Not Significant
Accept Ho
Not Significant
.000
Reject Ho
Significant
.000
Reject Ho
Significant
.000
Reject Ho
Significant
.458
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Table 10 presents the significant difference in the respondents' assessment of the
implementation of the Republic Act No. 10173 or the Data Privacy Act 2012 when grouped
according to length of residency.
Results revealed that security, effectiveness and efficiency are significant to length of residency.
With the p-values of .000 for security, effectiveness and efficiency. Thus, the null hypothesis is
rejected therefore there is a significant difference on security, effectiveness and efficiency when
grouped to length of residency. Other variables such as awareness and accuracy of the
information, are not statistically significant to length of residency.
Challenges encountered by the respondents in the Republic Act 10173 or the Data Privacy
Act of 2012
Figure 8. Graphical of the Challenges encountered by the respondents in the Republic Act 10173
or the Data Privacy Act of 2012
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Figure 8 illustrates the primary challenges faced by the respondents. The terms "Not
aware," "Not familiar," "No comments," and the word "None" emerge as the most commonly
encountered challenges among the respondents.
Data Privacy Act of 2012 Proposed Implementation Plan for ALECO
Key Component of the
Implementation Plan
Objective
Action
Assess Current Awareness and
Compliance Status
To understand the current level of
awareness and compliance with the Data
Privacy Act of 2012 within ALECO.
Employee
Awareness
To ensure all ALECO employees are
aware of and understand the Data Privacy
Act of 2012.
Conduct an internal audit to identify existing
data privacy policies, practices, and
procedures.
Identify key personnel responsible for data
protection within the organization.
Develop a comprehensive training program
on data privacy for all employees.
Training
and
Data Protection Officer (DPO)
Appointment
Assign a Data Protection Officer to
oversee compliance with data privacy
laws.
Data Inventory and Mapping
Understand what personal data is being
collected and processed by ALECO.
Privacy Policies and Procedures
Create and implement privacy policies and
processes that comply with the Data
Privacy Act of 2012.
Consent Mechanisms
Ensure that ALECO obtains valid consent
for the collection and processing of
personal data.
Put in place the proper security procedures
to safeguard personal information.
Data Security Measures
Data Breach Response Plan
Regular Audits and Compliance
Monitoring
Develop a plan for responding to data
breaches in compliance with the Data
Privacy Act.
Continuously monitor and assess data
privacy compliance within ALECO.
Create educational materials, including
infographics and step-by-step procedures.
Conduct mandatory data privacy training
sessions for all staff.
Periodically test employees' understanding
through quizzes or assessments.
Identify and appoint a qualified individual as
the Data Protection Officer
Ensure the DPO has a clear understanding of
the Data Privacy Act and is responsible for
overseeing compliance.
Create a comprehensive data inventory that
documents all personal data collected and
processed.
Map the flow of data within the organization
to identify vulnerabilities and compliance
gaps.
Draft and implement a data privacy policy
that outlines ALECO's commitment to data
protection.
Develop and document procedures for
handling personal data, including data
breach response protocols.
Implement mechanisms for obtaining and
documenting informed consent from data
subjects.
Enhance data security through encryption,
access controls, and regular security audits.
Implement data retention policies to ensure
data is kept only as long as necessary.
Create a detailed data breach response plan
that includes communication procedures and
notification requirements.
Conduct periodic internal audits to ensure
ongoing compliance with the Data Privacy
Act.
Establish reporting mechanisms for
employees to raise privacy concerns or
report breaches.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
External Consultation and Legal
Compliance
Seek external legal counsel or consultants
to ensure full compliance with the Data
Privacy Act.
Public
Awareness
Communication
and
Improve
public
awareness
and
communication regarding data privacy.
Continuous
Regularly review and improve data
privacy practices to stay compliant and
secure.
Review
and
Improvement
Engage with legal experts to review
ALECO's policies and procedures for legal
compliance.
Stay updated on changes in data privacy
regulations and adjust policies accordingly.
Provide educational materials to customers
and stakeholders.
Establish effective communication channels
to address inquiries and concerns related to
data privacy.
Conduct periodic reviews and update
policies and procedures as necessary.
Stay informed about developments in data
privacy and make necessary adjustments.
ALECO may ensure compliance with the Data Privacy Act of 2012, raise awareness, and
safeguard the personal information of stakeholders and workers by adhering to this thorough
implementation strategy. Engaging all organizational levels and taking a proactive stance on data
privacy is crucial.
DISCUSSION
A. Data Analysis and Findings
Demographic Profile
Age
The figure illustrates the distribution of respondents' ages. The data reveals that the
largest segment of respondents falls within the age range of 31-35 years old, representing
27.2% of the total respondents, or 68 individuals out of the 250 surveyed. Following closely,
the 26-30 age group comprises the second-largest cohort, with 20.8% of the respondents,
totaling 52 individuals. The youngest age group, 18-25 years old, accounts for 12% of the
total respondents, corresponding to 30 participants. In contrast, the smallest number of
responses emanated from the age category of 46 years and above, with only 10.4% of the
total respondents, or 26 individuals out of the 250 surveyed.
Gender
The figure presents the gender distribution of the respondents. Most responses came
from the female population, comprising 70.8% or 177 out of 250 respondents. On the other
hand, 29.2% came from the population of male respondents, with a total of 73 out of 250
responses.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Educational Attainment
In the provided figure, the educational attainment of the surveyed respondents is
depicted. Notably, the largest segment, accounting for 37.2% of the total, corresponds to
individuals with a tertiary level of education, totaling 93 respondents. Following closely are
those who have completed High School, representing 26% of the respondents, with 64
individuals. A notable portion, 21% or 52 respondents, have completed vocational courses
or similar qualifications. In addition, 41 out of the 250 respondents reported having
completed only elementary education. This data offers valuable insights into the educational
background of the surveyed population, highlighting the prevalence of tertiary and high
school education among the respondents.
ALECO franchise area
The figure shows the geographic distribution of survey participants, emphasizing the
significance of Legazpi City, which accounts for 42.8% of respondents. Various towns, such
as Daraga and Camalig, exhibit efficient outreach, embracing both urban and rural regions to
get a thorough comprehension of data privacy awareness. There is need for improvement in
data privacy awareness initiatives within ALECO's service region as disparities in
involvement point to different reasons, such as outreach efficacy and population size.
Length of Residency
The figure illustrates the duration of residency among member-owner-consumers
of ALECO (Albay Electric Cooperative). Notably, the data reveals that a significant
portion of the respondents, a total of 87 individuals, have resided in Albay for 21 years or
more, constituting 35% of the total participants in the study. The second-largest group
comprises those who have lived in Albay for 16-20 years, representing 28% of the sample,
with 71 respondents falling into this category. Additionally, 59 respondents reported
residing in Albay for 11-15 years. Notably, there were no respondents with less than one
year of residency, highlighting the strong connection between residency duration and
ALECO membership.
Republic Act No. 10173 or the Data Privacy Act 2012 in the Albay Electric Cooperative
(ALECO)
Awareness
Table 1 is presented as an exemplification of a survey or evaluation of ALECO's
information handling procedures; it assesses three critical facets pertaining to their
information management. As demonstrated by the data, ALECO's efficacy differs in each
of these respects. ALECO was assessed moderately in terms of "Adherence to the proper
procedure for providing documents and information," as indicated by the highest percentage
(37.2%) of respondents who identified an area requiring refinement. The weighted mean
score of 2.452 indicates a satisfactory performance in this domain, albeit not outstanding.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
In contrast, ALECO obtained higher ratings in the "High" category for "Utilization of
suitable forms in information processing," specifically with a weighted mean score of 2.872.
This signifies their competence in employing the appropriate forms when processing
information.
Accuracy of information
Table 2 provided a quantitative evaluation of ALECO's performance in maintaining
the accuracy of information that is made available to the public. This evaluation takes into
account three key aspects: the appropriateness of the process in document and information
requests; the successful release of requested records; and the accuracy of delivered
documents as specified in the request form. This evaluation is essential because it helps
determine how well the organization is satisfying the requirements and requirements of the
public. The information is categorized into three different degrees of compliance: High (HI),
Intermediate (I), and Minimal (MI). According to the findings of the investigation, ALECO
does an excellent job of providing the proper documents in response to requests. Of the total
replies received, 97 of them (or 38.8%) received the highest possible compliance rating. On
the other hand, the component of ensuring that the public obtains correct papers or
information has the lowest level of success. Out of the total number of replies, 63 have been
rated as having Medium compliance, which accounts for 25.2% of the total.
Security information
Information security at ALECO is represented Table 3 according to three criteria: the
handling and safe-keeping of records; the provision of copies of requested documents; and
the guarantee of appropriate document usage. With a weighted mean score of 2.816 out of
5 in the first category, where the focus is on designating a primary contact for record
keeping, ALECO performs about average. This indicates that identifying a responsible
person for the secure storage of documents may be strengthened. ALECO performs better
than the competition on the second criterion, which involves making and storing copies of
required documents, with a weighted mean score of 3.176. This demonstrates that the
company has solid protocols in place for the distribution and storage of documents.
Effectiveness
The information provided in Table 4 illuminated the effectiveness of the Data Privacy
Act of 2012 (DPA 2012) on different facets pertaining to transactions involving ALECO
(presumably a government or organizational entity). The results indicate that DPA 2012 had
a varied effect on these particulars. The data indicates that DPA 2012 has had a moderate
impact on constituent awareness regarding the transparency of ALECO transactions, as
indicated by a weighted mean (wx˄) of 2.252. This indicates that efforts to increase
transparency may necessitate further enhancement, as some progress has been made in this
area but there is still room for improvement. Nevertheless, the data indicates that requesters
are considerably more satisfied with the documents they acquire from ALECO, as indicated
by the significantly higher weighted mean of 3.316. This finding implies that the DPA 2012
has accomplished a greater degree of success in ensuring the contentment of requesters with
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
the documents they obtain, thereby promoting the accessibility of documents. In addition,
a weighted mean of 3.236 indicates that requesters have a satisfactory comprehension of the
legal intent of the documents they request, according to the data. This implies that the
implementation of DPA 2012 has potentially improved legal compliance by fostering
greater clarity and comprehension among requesters concerning the documents they are
requesting. The aforementioned results emphasize the ongoing necessity for enhancing
transparency measures that preserve constituents' high levels of document satisfaction and
legal comprehension.
Efficiency
The presented information is an evaluation of ALECO's document release procedure
according to three criteria: effectiveness (how often documents are released), frequency
(how often violations are detected), and compliance level (how often violations are
classified as High, Intermediate, or No). ALECO's procedure for appropriately distributing
records to the requester receives a 3.172 on the efficiency scale, indicating a pretty high
degree of efficiency.
With a total of 250 ratings, ALECO is seen to have a very even distribution throughout
the HI, MI, and NI categories. With 101 occurrences, the HI group is far and by far the most
common for prompt document distribution, while the NI group has the fewest. The
category's weighted mean score is 3.16, indicating moderate consistency. The distribution
is biased towards the MI and NI categories, with a weighted mean score of 2.86 indicating
there is space for improvement in ALECO's ability to ensure documents are distributed only
by authorized people. It's possible that ALECO's overall performance may benefit from a
greater emphasis on regulating and authorizing the release of documents.
Significant difference in the respondents’ assessment of the implementation of the Republic
Act 10173 or the Data Privacy Act of 2012 when grouped according to profile
The study's findings provide important new information on how respondents' opinions of
the Data Privacy Act of 2012's implementation are influenced by demographic and location-based
variables. Notably, age is a crucial factor, since different age groups have different opinions about
security and privacy efficacy. Gender and level of education, however, do not appear to have any
appreciable impact on these evaluations. The survey does, however, highlight how strongly
respondents' perceptions of data privacy security, efficacy, and efficiency were influenced by
their ALECO franchise region and duration of residence. The practical implications of these
findings for policymakers and organizations underscore the need to customize data privacy
methods to meet the unique requirements of heterogeneous demographic and geographic subsets
within their intended audiences.
Challenges encountered by the respondents in the Republic Act 10173 or the Data Privacy
Act of 2012
Figure 8 provided a graphic summary of the most common issues that survey participants
had while evaluating how the Data Privacy Act of 2012 was implemented at Albay Electric
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Cooperative (ALECO). The terms "Not aware," "Not familiar," "No comments," and "None"
stand out as the most commonly mentioned barriers. This highlights a crucial problem:
respondents' ignorance of the appropriate steps to follow in order to comply with data privacy
laws. Respondents may know the basics of the Act, but they frequently don't know how to fully
exercise their legal rights and complete their legal obligations. As a result, this ignorance gap may
cause mistakes and obstacles in their attempts to conform. In order to successfully tackle this
problem, programs that raise awareness.
Data Privacy Act of 2012 Proposed Implementation Plan for ALECO
This study's multimodal approach is a complete way to improve ALECO's data privacy
awareness and compliance. The plan creates a solid basis for data privacy management, starting
with the critical actions of determining compliance status and current knowledge as well as
designating a dedicated Data Protection Officer (DPO). All employees are kept informed and
actively involved in compliance through employee training and awareness programs, which are
bolstered by instructional materials and frequent testing. The development of privacy rules,
processes, and permission mechanisms, in addition to data inventory and mapping, strengthen
ALECO's capacity to efficiently regulate the gathering and use of personal data.
To protect sensitive data, strong data security methods are included, such as encryption
and access controls. Creating a plan for responding to data breaches improves an organization's
ability to handle security problems. Data privacy vigilance is maintained by ongoing monitoring
by means of routine audits, internal reporting systems, and external legal compliance evaluations.
ALECO is dedicated to educating and involving stakeholders; public awareness and
communication campaigns further this goal, and regular evaluations and modifications guarantee
continued compliance and advancements. By combining many components, this allencompassing approach establishes a culture of data privacy and regulatory compliance at
ALECO, protecting individual data and the company's good name.
B. Conclusions
Following the above-cited findings, the researcher derived the following conclusions:
1. Demographic Profile:
Age: The data shows a concentration of responses in younger to middle-age brackets, with
fewer participants aged 46 and above. The majority fall in the 31-35 age range, followed
closely by 26-30. The 18-25 age group has fewer responses, and those aged 46 and above
are the least represented.
Gender: The data reflects a significant predominance of female respondents, with a notable
minority of male respondents.
Educational Attainment: In summary, the data reveals that the largest group consists of
individuals with a tertiary level of education, closely followed by high school graduates,
while a significant portion has completed vocational courses. A smaller percentage of
respondents have only achieved elementary education.
ALECO franchise area: The survey underscores the significance of Legazpi City,
particularly in its outreach to communities like Daraga and Camalig, encompassing both
urban and rural areas. The variations in participation emphasize the necessity for improved
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
data privacy awareness campaigns, influenced by the population size in ALECO's service
area and the effectiveness of its outreach efforts.
Length of Residency: The survey data reveals distinct residency patterns, with a notable
proportion having lived in Albay for over two decades. The second-largest group has a
residency duration of 16-20 years, followed by another substantial segment residing in
Albay for 11-15 years.
Republic Act No. 10173 or the Data Privacy Act 2012 in the Albay Electric Cooperative
(ALECO)
Awareness: In conclusion, the data analysis highlights that ALECO received moderate
ratings in terms of "Adherence to the proper procedure for providing documents and
information," signifying room for improvement in this area. However, they excelled in the
"Utilization of suitable forms in information processing" category, demonstrating their
proficiency in employing the correct forms during information processing.
Accuracy of information: In summary, the investigation results indicate that ALECO
excels in promptly providing requested documents, with a significant percentage receiving
the highest compliance rating. Conversely, the accuracy of the information provided to the
public represents an area with lower levels of success, as a notable portion falls into the
medium compliance category.
Security information: In summary, ALECO's performance in designating a primary
contact for record keeping is average, suggesting the need to strengthen the practice of
identifying a responsible individual for secure document storage. However, the
organization outperforms competitors in the second criterion by effectively making and
storing copies of required documents, with a higher weighted mean score.
Effectiveness: The data gathered implies that the implementation of DPA 2012 has
potentially improved legal compliance by fostering greater clarity and comprehension
among requesters concerning the documents they are requesting. The aforementioned
results emphasize the ongoing necessity for enhancing
Efficiency: In conclusion, the distribution of scores is skewed toward the MI and NI
categories, suggesting that ALECO could enhance its ability to ensure that documents are
distributed exclusively by authorized personnel. Strengthening the regulation and
authorization of document release may contribute to an overall improvement in ALECO's
performance in this aspect.
Significant difference in the respondents’ assessment of the implementation of the Republic
Act 10173 or the Data Privacy Act of 2012 when grouped according to profile
The study indicates how respondents' opinions on the Data Privacy Act of 2012 are
influenced by demographic and location-based factors. Opinions on security and efficacy are
greatly impacted by age, but not by gender or educational attainment. Perceptions of security,
efficacy, and efficiency are significantly influenced by the ALECO franchise location and
duration of residency. This emphasizes how crucial it is to have customized data privacy plans
for various locations and populations.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
Challenges encountered by the respondents in the Republic Act 10173 or the Data Privacy
Act of 2012
The study revealed that the lack of awareness of the respondents in the appropriate
procedure that Republic Act No. 10173 or the Data Privacy Act 2012 in the Albay Electric
Cooperative (ALECO) implements is a great challenge that they need to overcome.
Data Privacy Act of 2012 Proposed Implementation of Plan for ALECO
This comprehensive approach improves ALECO's data privacy awareness and
compliance. It includes compliance assessment, DPO appointment, employee training, privacy
policies, data security, breach response, audits, legal compliance, public awareness, and
continuous improvement. This fosters a data privacy culture, ensuring personal data protection
and organizational reputation.
C. Recommendations
The recommendations listed below are made based on the previously mentioned
conclusions:
1. This study recommends concentrating on the national, regional and global demographic data
in addition to name, age, and gender in order to gain insight at the implementation of Republic
Act 10173 or the Data Privacy Act of 2012 in the Albay Electric Cooperative (ALECO).
2. The research recommends ALECO management to adopt the suggested Implementation Plan
in order to fully comply with the act and solve the issues brought out by the respondents.
3. Future researchers are strongly encouraged to pursue the search for more improvements to
the entire procedure used in this study, to determine whether the claimed challenges have
been resolved or have worsened, and to fill in the gaps left by the researcher's time constraints.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
References
[1] Age of consent. (2022). Retrieved September 16, 2023, from LII / Legal Information Institute
website: https://www.law.cornell.edu/wex/age_of_consent
[2] Amazeen, M. A. (2019). Practitioner perceptions: Critical junctures and the global emergence
and challenges of fact-checking. The International Communication Gazette, 81(6-8), 541-561.
[3] Amazeen, M. A. (2020). Journalistic interventions: The structural factors affecting the global
emergence of fact-checking. Journalism, 21(1), 95-111.
[4] Analysis - hello - table 6: Length of residency residency where the families reside or where
they.
Studocu.
(n.d.). https://www.studocu.com/ph/document/our-ladyofassumptioncollege/community-health-nursing/analysishello/42202450?fbclid=IwAR3WKhtWVy0Ceu_mx67TGie0akTbeeAtIFYLoWZQqxrVh4Zj
DIXpQCTKw
[5] Aridor, G., Che, Y.-K., & Salz, T. (2020, June 9). The effect of privacy regulation on the
data
industry:
Empirical
https://www.ftc.gov/system/files/documents/public_events/1548288/privacycon2020guy_arid
or.pdf
[6] Babaylan, R. I. (2018, November 29). Envisioning Philippine Education. Academia.edu.
https://www.academia.edu/37881603/Envisioning_Philippine_Education
[7] Bala, R. (n.d.). Data Privacy Issues and Challenges: Lessons from Literature. Haryana, India;
Ibras.
[8] Beckley, T. (2003). The relative importance of sociocultural and ecological factors in
attachment to place. United States Department of Agriculture Forest Service General Technical
Report Pnw,566(566), 105-126.
[9] Beyer, M. A., & Laney, D. (2012). The importance of “big data”: A definition. Gartner.
Retrieved from https://www.gartner.com/doc/2057415/importance-big-data-definition
[10] Blank, G., Bolsover, G., & Dubois, E. (2014). A New Privacy Paradox: Young people and
privacy on social network sites. Paper presented at the annual meeting of the American
Sociological Association
[11] Breaux, R., & Jo, S. (2014, April 7). Designing and implementing an effective privacy
and security plan. Designing and Implementing an Effective Privacy and Security Plan.
https://iapp.org/news/a/designing-and-implementing-an-effective-privacy-and-security-plan/
[12] Cheruiyot, D. and Ferrer-Conill, R. (2018) “Fact-Checking Africa”, Digital Journalism,
6(8), 964-975.
[12] BRIONES, E. C., TAGLE, J. A. P., AVANCE, M. F. L., MINA, M. J. C., & LACAMBRA, R.
G. (2022). Implementation of Freedom of Information Act of 2016 in the Municipality of
Midsayap: Basis for a Proposed Implementation Plan.
[13] Ching-Yi Liu, Wei-Ping Li & Yun-Pu Tu, Privacy Perils of Open Data and Data Sharing: A
Case Study of Taiwan's Open Data Policy and Practices, 30 Wash. Int’l L.J. (2021). Available
at: https://digitalcommons.law.uw.edu/wilj/vol30/iss3/8
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
[14] David Hyman and William E. Kovacic, Implementing Privacy Policy: Who Should Do What?,
29 Fordham Intell. Prop. Media & Ent. L.J. 1117 (2019). Available at:
https://ir.lawnet.fordham.edu/iplj/vol29/iss4/3
[15] Definition of demographic age. (2023, September 16). Retrieved September 16, 2023, from
Collinsdictionary.com
website:
https://www.collinsdictionary.com/dictionary/english/demographic-age
[16] di Vimercati, S.D., Paraboschi, S., & Samarati, P. (2006). Access control: Principles and
solutions,” In H. Bidgoli (Ed.), Handbook of information security, volume 3. New York, NY:
John Wiley & Sons, Inc.
[17] Fabito, B., Celis, N., & Ching, M. R. D. (2018, October). Data Privacy Act of 2012: A Case
Study Approach to Philippine Government Agencies Compliance. Philippines; Article in
Journal of Computational and Theoretical Nanoscience.
[18] Gilfoil, C., Goldberg, N. G., Mason, P. L., Breslin, M. L., Yee, S., & Burke, G. (2023, July 11).
Risks and rewards of demographic data collection: How effective data privacy can promote
health equity. National Health Law Program. https://healthlaw.org/resource/risksandrewardsof-demographic-data-collection-how-effective-data-privacy-can-promotehealthequity/
[19] Hurwitz, J., Nugent, A., Halper, F., & Kaufman, M. (2013). Big data for dummies. Hoboken,
NJ: John Wiley and Sons.
[20] J. & Quaddus, M. (2013). Managing information systems: Ten essential topics. Paris: Atlantis
Press.
[21] Kaiser, A. F. (2016, July 1). Privacy and security perceptions between different age groups
while searching online. https://essay.utwente.nl/70190/1/Kaiser_BA_BMS.pdf
[22] Kasarda, J., & Janowitz, M. (1974). Community attachment in mass society. American
Sociological Review, 39(3), 328-328. doi:10.2307/2094293
[23] Lavrakas, P. J. (Ed.) (2008). Encyclopedia of survey research methods. (Vols. 1-0). Sage
Publications, Inc., https://doi.org/10.4135/9781412963947
[24] Lee, H., Wong, S. F., Oh, J., & Chang, Y. (n.d.). Information privacy concerns and
demographic
characteristics.
Scribd.
https://www.scribd.com/document/669561311/Information-privacyconcernsanddemographic-characteristics#
[25] Llu, T. (2012, September). Employee Privacy and Personal Information Protection in Japan.
Kobe University; https://www.researchgate.net/publication/369744464.
[26] Makarova, E., Aeschlimann, B., & Herzog, W. (2019). The Gender Gap in STEM Fields: The
Impact of the Gender Stereotype of Math and Science on Secondary Students’ Career
Aspirations. https://www.frontiersin.org/articles/10.3389/feduc.2019.00060
[27] Manikandan S. Measures of central tendency: The mean. J Pharmacol Pharmacother. 2011
Apr;2(2):140-2. doi: 10.4103/0976-500X.81920. PMID: 21772786; PMCID: PMC3127352.
[28] Manyika, J., Chui, M., Brown, B., Bughin, J., Dobbs, R., Roxburgh, C., & Byers, A. H. (2011).
Big data: The next frontier for innovation, competition, and productivity. McKinsey. Retrieved
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
from
http://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/bigdatathenextfrontier-for-innovation
[29] Mesiar, R., & Špirková, J. (2006). Weighted means and weighting functions. Kybernetika.
https://eudml.org/doc/33798#citations
[30] Meier, J.D., Mackman, A., Dunner, M., Vasireddy, S., Escamilla, R. & Murukan, A. (2003,
June). Threats
and
countermeasures.
Microsoft.
Retrieved
from
http://msdn.microsoft.com/enus/library/ff648641.aspx
[31] Mostert, M., Bredenoord, A. L., van der Slootb, B., & van Delden, J. J. (2018). From Privacy
to Data Protection in the eu: Implications for Big Data Health Research. European Journal of
Health Law, 25(1), 43-55. https://doi.org/10.1163/15718093-12460346
[32] National Electrification Administration (2017) Compliance to the Data Privacy Act of 2012
(NEA Memorandum 2017-023)Bottom of Form
[33] Park, J., & Vance, A. (2021, February 11). Data Privacy in Higher Education: Yes, students
care.
EDUCAUSE Review.
https://er.educause.edu/articles/2021/2/data-privacyinhighereducation-yes-students-caTop of Form
[34] Pinto, S. L. (2018, August). Privacy and Data Protection: A Study on Awareness and Attitudes
of Millennial Consumers on the Internet - An Irish Perspective. Ireland; National College of
Ireland.
[35] Pitogo, V. (2019). National Government Agency’s Compliance on Data Privacy Act of 2012 a
Case Study. Philippines; IOP Publishing.
[36] Presbitero, J. V., & Ching, M. R. D. (2018, June). Assessing Compliance of Philippine State
Universities to the Data Privacy Act of 2012: The Case of Caraga State University. Philippines;
ResearchGate.
[37] Portus Lourdes et.al (2018). Doing Social Science Research: A Guidebook. Philippine Social
Science Center, Commonwealth Avenue Diliman Quezon City Philippines.
[38] Ramos, David Paul R. (2019, October). Perceptions of Students, Faculty and Administrative
Staff on the Data Privacy Act: An Exploratory Study. Intramuros, Manila; DOI:
https://doi.org/10.7719/jpair.v38i1.733.
[39] Ray, R. (2020, January 13). The importance of collecting demographic data.
www.brookings.edu. https://www.brookings.edu/wpcontent/uploads/2020/01/1.15.20_Congressional-Testimony_Ray_Rashawn.pdf
[40] Republic Act 10173 - Data Privacy Act of 2012. National Privacy Commission. (2022,
February 12). https://privacy.gov.ph/data-privacy-act/
[41] Sheehan, K. B. (2002). Toward a Typology of Internet Users and Online Privacy Concerns.
The Information Society, 18(1), 21–32. doi:10.1080/01972240252818207
[42] Sigal Tifferet. (2019). Gender differences in privacy tendencies on social network sites: A
metaanalysis.
Computers
in
Human
Behavior,
93,
1–12.
https://doi.org/10.1016/j.chb.2018.11.046
[43] Snedecor, G.W. and Cochran, W.G. (1989) Statistical Methods. 8th Edition, Iowa State
University Press, Ames.
Electronic copy available at: https://ssrn.com/abstract=4621933
Implementation of Republic Act 10173 or the Data Privacy Act of 2012
[44] Snip, J. (2019, July). The Influence of Length of Residence on the Reasons for Place
Attachment
to
the
Neighbourhood.
chromeextension://efaidnbmnnnibpcajpcglclefindmkaj/https://frw.studenttheses.ub.rug.nl/357/1/S28
782278_Snip_ResidenceTimePl_1.pdf?fbclid=IwAR06awiAHc8gKe_gOMt172hXPlHqvda
W TBrZJIFDGDMDVF5MR2-bPfUYDg
[45] Tanate-Lazo, R. J. C., & Cabonero, D. A. (2021). Philippine Data Privacy Law: Is it
Implemented in a Private University Library, or not? Nebraska; University of Nebraska Lincoln.
[46] Tomasz Zukowski and Irwin Brown. 2007. Examining the influence of demographic factors on
internet users' information privacy concerns. In Proceedings of the 2007 annual research
conference of the South African Institute of Computer Scientists and Information Technologists
on IT research in developing countries (SAICSIT '07). Association for Computing Machinery,
New York, NY, USA, 197–204. https://doi.org/10.1145/1292491.1292514
[47] Trinidad, Jose E. (2019). Error-Proofing your Research. Ateneo de Manila University Press
Bellarmine Hall, Katipunan Ave. Loyola Heights Quezon City, Manila Philippines.
[48] Trinidad, Jose E. (2020). Researching Philippine Realities: A Guide to Qualitative,
Quantitative, and Humanities Research. Ateneo de Manila University Press Bellarmine Hall,
Katipunan Ave. Loyola Heights Quezon City, Manila Philippines.
[49] Wang, E. S.-T. (2018). Effects of Perceived Effectiveness of Privacy Legislations on Perceived
Effectiveness of Business Privacy Policies Consumer Trust in Service Providers, and
Perceived
Privacy Risk.
https://www.academia.edu/90902159/Effects_of_Perceived_Effectiveness_of_Privacy_Legis
l
ations_on_Perceived_Effectiveness_of_Business_Privacy_Policies_Consumer_Trust_in_Se
r vice_Providers_and_Perceived_Privacy_Risk
[50] West, M. (2009). Chapter 3, Preventing System Intrusions In Vacca, J. R. (Ed.), Computer and
information security handbook. Boston, MA: Morgan Kaufmann Publishers.
Websites:
https://www.nea.gov.ph/ao39/#
https://privacy.gov.ph/
http://www.prisma-statement.org/?AspxAutoDetectCookieSupport=1
Electronic copy available at: https://ssrn.com/abstract=4621933
Download