Philippine SUCs compliance performance on RA 10173: a case study on Bukidnon State University

The advancements in technologies have accelerated educational institutions by improving service delivery while reducing costs. As a result, it provided avenues of learning, the use of online discussions, Virtual Learning Environments (VLEs) and mobile technologies, thus making data security vulnerable. With these, it is imperative that through the lens of R.A. 10173 and NPC's five pillars that data be protected by a policy that is sustained and executed effectively. This qualitative research using case study technique aimed to evaluate, explore and explain the level of compliance of Bukidnon State University (BukSU) with RA 10173. Likewise answering the research question how does PSUCs apply and integrate R.A. 10173 with its Information Systems and Business Processes? Using single case holistic design with common rationale, and pattern matching technique in interpreting the tabulated results. It was found out that BukSU, just like most government agencies in the Philippines, is qualitatively described as Partial Compliant. Furthermore, their compliance was due to moral suasion, where BukSU, considers it as its moral obligation to protect the students and its employees' data. An initiative from PASUC, to come up with a Data Privacy Manual that will serve as a model for all PSUC's in drafting their own manual, where BukSU practices can be aligned with that of PASUC. After the September 11, 2017, deadline, BukSU invested in a UTM Unified Threat Management with a three-year license to safeguard university data resources.