Multimedia Data Privacy and Content Handling

1. Purpose

This policy aims to:

  • Protect learner privacy in compliance with the Philippine Data Privacy Act (RA 10173) and its IRR.

  • Ensure ethical and lawful capture, editing, storage, and publication of multimedia content.

  • Prevent data breaches, misuse of learner images, and unauthorized disclosure through media.


2. Scope

Who This Policy Covers

This policy applies to all:

  • Multimedia interns, editors, graphic designers, illustrators, animators, and motion graphics artists.

  • Contractors, agencies, or collaborators producing media for WyzLab.

  • Other employees who capture, edit, or publish photos, videos, or graphics using WyzLab accounts.

What This Policy Covers

This policy governs all multimedia assets that may contain personal data:

  • Photos and videos of learners, instructors, staff, or partners.

  • Audio recordings (voice overs, interviews, class recordings).

  • Screen recordings or screenshots that show names, emails, dashboards, chats, or scores.

  • Design files (Figma, Adobe, Canva, etc.) and exported graphics that display personal data.

Non‑personal media (pure stock, abstract illustrations, generic icons) remain governed by IP and brand rules but not by data privacy provisions, unless combined with personal data.


3. Legal and Regulatory Framework

  • Data Privacy Act of 2012 (RA 10173) and IRR: Requires lawful basis, transparency, proportionality, security, and respect for data subject rights when processing personal data, including in photos and videos.

  • NPC Education and Online Learning Advisories: Emphasize consent and careful use of student images and online class screenshots in educational content and social media.

  • NPC Guidance for Content Creators and Vloggers: Treats filming and publishing identifiable individuals as personal data processing; requires notices, masking when needed, and respect for takedown requests.


4. Data Classification for Multimedia

4.1 Public Multimedia

May be shared externally when approved:

  • Marketing videos, photos, graphics, and motion graphics that:

    • Use stock content or professional talent with valid licenses and releases; or

    • Use learner or staff images with signed consent forms covering the specific purpose and channels.

  • Content that does not display grades, scores, or other sensitive details.

4.2 Internal Multimedia

For internal use only:

  • Raw recordings of classes, workshops, or user interviews.

  • Draft edits, working files, storyboards, and preview links.

  • Internal training videos and reference screenshots.

4.3 Confidential and Highly Sensitive Multimedia

Treated with the highest protection:

  • Footage or images showing:

    • Full names together with scores, assessment results, certificates, or payment details.

    • Private messages, chat logs, or emails.

    • Minors in identifiable situations (homes, uniforms, locations).

  • Rule: All raw footage containing learner PII is presumed Highly Sensitive until sanitized and approved.

Highly Sensitive Multimedia must never be:

  • Posted on personal social media.

  • Shared via public links or unsecured drives.

  • Used in public marketing materials without explicit consent and redaction.


5. Capture and Consent

5.1 Lawful Basis and Consent

  • Obtain written consent before using any learner’s image, voice, or identifiable details for marketing, testimonials, case studies, or public content.

  • For minors, obtain consent from a parent or legal guardian; consent must be specific, informed, and documented.

  • Consent forms must state:

    • Purpose (e.g., promotional video, social media post).

    • Platforms (website, Facebook, YouTube, print).

    • Duration and right to withdraw consent and request takedown.

5.2 Recording and Screenshot Practices

  • Make cameras optional in online sessions used for recording, where feasible, especially for learners.

  • Avoid showing entire participant lists, chat windows, or dashboards in recordings unless necessary and documented.

  • When capturing screens:

    • Turn off or hide tabs and windows that show emails, IDs, or payment details.

    • Use demo or test accounts where possible.


6. Editing, Redaction, and Anonymization

6.1 Redaction Standards

Before exporting or publishing, multimedia staff must:

  • Blur or mask:

    • Email addresses, learner IDs, phone numbers, and addresses.

    • Quiz scores, grades, and detailed feedback.

  • Crop out or overlay elements that reveal sensitive information (e.g., private chats).

  • Use pseudonyms or first names only where identity is not essential to the message.

6.2 Version Control and File Management

  • Maintain clear folders:

    • RAW (Highly Sensitive) – original footage and source files with PII.

    • SANITIZED – INTERNAL – redacted versions for internal training or review.

    • APPROVED – PUBLIC – final assets cleared for publication.

  • Do not export or share RAW materials outside approved storage or without a documented business need.


7. Storage, Access, and Retention

7.1 Storage and Devices

  • Store multimedia containing personal data only on:

    • WyzLab‑managed cloud storage (Google Workspace, etc.) with access controls.

    • Approved project management or DAM tools with organization accounts.

  • Prohibited:

    • Saving PII‑containing content on personal USBs, personal Google Drive, or unencrypted local devices, except where explicitly authorized and encrypted.

7.2 Access Control

  • Access to RAW and Highly Sensitive multimedia is limited to:

    • Assigned multimedia staff on the project.

    • Tech/marketing leads and the Privacy/Data Protection Officer for review.

  • Access must follow least‑privilege and be revoked when an intern or contractor leaves or changes role.

7.3 Retention and Deletion

  • RAW media with PII:

    • Keep only as long as needed for editing, approvals, and any legal/contractual requirements.

    • Default: review after project completion and archive or delete within 2 years, unless a longer retention is documented.

  • Upon withdrawal of consent:

    • Stop using the individual’s image/voice in future materials.

    • Take reasonable steps to remove or replace content already posted, where technically and contractually feasible.


8. Social Media and Public Posting

8.1 Official Channels

  • Any multimedia containing identifiable learners or staff must be:

    • Checked for compliance with this policy (no unapproved PII; consent verified).

    • Approved by the marketing lead and the Privacy/Data Protection Officer or designated privacy lead before posting.

8.2 Personal Accounts

  • Staff and interns may not:

    • Post behind‑the‑scenes photos, screenshots, or clips showing learner names, faces, or dashboards on personal accounts without written approval.

    • Reuse WyzLab footage that includes learners for personal portfolios unless anonymized or consented and cleared.

8.3 Responding to Privacy Requests

  • If any person featured in content requests removal or blurring:

    • Acknowledge the request and escalate to the Privacy/Data Protection Officer.

    • Evaluate lawful basis and consent; if appropriate, edit, take down, or replace the content within a reasonable period.


9. Incident Reporting and Breach Response

  • Examples of multimedia‑related incidents:

    • Posting a video that accidentally shows a learner’s email and test score.

    • Losing a laptop or drive containing RAW class recordings with minors.

  • If an incident occurs:

    • Immediately inform Yza and the designated incident channel.

    • Stop further sharing, lock down access, and assist in assessing impact (how many individuals, what type of data).

    • Follow WyzLab’s main incident response plan and NPC breach notification requirements when applicable.


10. Training and Awareness

  • All multimedia staff and interns must, during onboarding:

    • Read this policy and the general WyzLab Data Privacy Policy.

    • Attend a short orientation on RA 10173 and NPC’s online learning/media privacy guidelines.

    • Complete a short quiz or checklist on redaction and consent.

  • Refresher training occurs at least annually or after any significant incident or regulatory update.


11. Roles and Responsibilities

  • CEO / Management

    • Approve this policy and ensure resources for compliance.

  • Data Protection Officer / Privacy Lead

    • Draft and update consent templates and releases.

    • Review high‑risk multimedia projects (large campaigns, minors, sensitive topics).

  • Multimedia Lead / Multimedia Interns

    • Apply redaction standards in all edits.

    • Organize RAW, SANITIZED, and APPROVED folders and enforce retention timelines.

    • Flag any uncertainty about consent or privacy risks before publishing.

  • All Staff Participating in Recordings

    • Inform participants when sessions will be recorded and potentially used beyond internal training.

    • Coordinate with the DPO when planning shoots involving learners or minors.


12. Policy Review and Updates

  • This policy is reviewed at least annually or earlier when:

    • There are major changes in NPC guidance affecting media and online learning.

    • New platforms or content formats introduce additional privacy risks.

  • Updated versions are circulated via internal channels and require acknowledgment from affected staff and interns.

