ICT Literacy and Competency Development Bureau (ILCDB)
Department of Information and Communications Technology (DICT)

ILCDB Information System (ICTAIS) | Effective Date: March 15, 2026 | Version 1.0

1. Introduction

The Department of Information and Communications Technology — ICT Literacy and Competency Development Bureau ("ILCDB," "we," "us," or "our") is committed to protecting the privacy and security of personal information collected through the ILCDB Information System (ICTAIS).

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have under the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations.

      By accessing or using ICTAIS, you acknowledge that you have read and understood this Privacy Policy.
    

2. Scope

This policy applies to all personal information processed by ICTAIS in connection with:

NICS-based digital skills assessments
Training program registration, delivery, and completion tracking
Certification management
Stakeholder coordination among DICT regional offices, partner agencies, trainers, and participants
Administrative and operational functions of ILCDB

3. Personal Information We Collect

Depending on your role in ICTAIS, we may collect the following:

Identity data: Full name, date of birth, sex/gender, civil status
Contact data: Email address, mobile/telephone number, mailing address
Government identifiers: Government-issued ID type and number (used for identity verification only)
Employment data: Employer/agency, position/designation, office address
Training and assessment data: Program enrollments, assessment scores, competency levels, certifications earned
System usage data: Login timestamps, IP addresses, actions performed within the system (audit logs)
Account credentials: Username and hashed password (passwords are never stored in plaintext)

4. Purpose and Legal Basis for Processing

We process personal information for the following purposes:

Delivery of government services — managing training programs and assessments mandated under DICT's functions
Identity verification — confirming participant and stakeholder identities prior to program enrollment
Program monitoring and evaluation — tracking competency development outcomes for policy and reporting
Certification issuance — generating and recording official certifications of completion or competency
System security and integrity — maintaining audit trails, detecting unauthorized access, and ensuring data accuracy
Compliance and reporting — fulfilling legal, regulatory, and inter-agency reporting obligations

Processing is grounded on the performance of a government function and, where applicable, consent obtained at the point of data collection.

5. How We Use Your Information

Collected data is used strictly within the purposes stated above. Specifically:

Training records are used to generate certificates and competency reports.
Assessment results are analyzed in aggregate to measure program effectiveness.
Audit logs are reviewed only for security investigations and compliance audits.
Personal data is not used for commercial profiling or marketing.
Data is not sold, rented, or traded to third parties.

6. Data Sharing

Your personal information may be shared with:

DICT Central and Regional Offices — for coordination of training delivery and reporting
Partner government agencies — only when required by law, inter-agency agreement, or with your consent
Authorized third-party service providers — such as cloud infrastructure or email service providers, bound by strict data processing agreements
Law enforcement or regulatory bodies — only when legally compelled and in accordance with due process

All data sharing arrangements require appropriate data sharing agreements compliant with NPC guidelines.

7. Data Retention

Personal data is retained for the minimum period necessary to fulfill the purposes for which it was collected, consistent with DICT records management and archiving policies:

Training and certification records: Retained for at least ten (10) years for reference and verification
System audit logs: Retained for at least three (3) years
Inactive accounts: Reviewed for deletion or anonymization after two (2) years of inactivity

Upon expiry of the retention period, data is securely deleted or anonymized.

8. Data Security

We implement appropriate technical and organizational security measures, including:

Encrypted data transmission (HTTPS/TLS)
Password hashing using industry-standard algorithms (no plaintext storage)
Role-based access control — users access only data relevant to their assigned role
Comprehensive audit trails for all state-changing and security-relevant actions
Regular system security reviews and vulnerability assessments
Restricted physical and logical access to production servers

Despite these measures, no system can guarantee absolute security. In the event of a personal data breach, we will notify affected individuals and the National Privacy Commission (NPC) in accordance with RA 10173.

9. Your Rights as a Data Subject

Under the Data Privacy Act of 2012, you have the right to:

Be informed — know how your data is collected and processed
Access — request a copy of your personal data we hold
Correction/Rectification — have inaccurate or incomplete data corrected
Erasure or Blocking — request deletion or blocking of data no longer necessary for the stated purpose, subject to legal retention requirements
Object — object to processing based on legitimate interests, where applicable
Data Portability — obtain a copy of your data in a structured, machine-readable format
File a Complaint — lodge a complaint with the National Privacy Commission (NPC)

To exercise these rights, contact our Data Protection Officer (see Section 11).

10. Cookies and System Logs

ICTAIS uses session cookies strictly necessary for authentication and secure operation of the system. These cookies are not used for advertising or cross-site tracking. System logs record user actions for security and audit purposes as described in Section 4.

11. Contact — Data Protection Officer

For privacy concerns, requests, or complaints, contact:

Office	ICT Literacy and Competency Development Bureau (ILCDB), DICT
Address	Department of Information and Communications Technology, Studio 7, 807 Epifanio de los Santos Avenue, Diliman, Quezon City, 1103 Metro Manila
Email	support.academy.dict.gov.ph
Website	dict.gov.ph

You may also file a complaint directly with the National Privacy Commission (NPC) at privacy.gov.ph.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in law, technology, or our practices. The updated policy will be posted within ICTAIS with a revised effective date. Continued use of the system after such updates constitutes acceptance of the revised policy.