Privacy Policy
The National Telecommunications Commission (NTC) is committed to protecting the privacy, confidentiality, and security of information collected and processed through the Incident Notification Management System (INMS) Internal Portal This Privacy Policy explains how the system handles data submitted by NTC personnel, Central Office divisions, and Regional Offices when reporting and managing cybersecurity incidents.
By using this portal, all users agree to the terms outlined below.
Purpose of the INMS Internal Portal
The INMS Internal Portal is a secure platform dedicated to:
- Recording and tracking internal cybersecurity incidents affecting NTC’s ICT infrastructure.
- Coordinating responses between ICTD, NFD, and other NTC divisions/offices.
- Maintaining logs and documentation for compliance, auditing, and reporting.
- Supporting internal threat monitoring and vulnerability assessments.
The portal ensures that NTC’s own operations remain resilient and protected from cyber risks.
Information Collected
The INMS Internal Portal collects information strictly necessary for internal incident management, including:
- NTC personnel details (full name, official position, office/division, and contact information).
- Incident details (report date, type of threat, affected systems, description of incident, and actions taken).
- Technical indicators (system logs, IP addresses, error messages, timestamps, malware signatures).
- Organizational data related to internal ICT assets and networks.
- System-generated log data (IP address, browser type, access times, and activity records).
Cookies are used to support authentication, maintain login sessions, and enhance user experience.
Use of Information
Collected data is used for the following purposes:
- Managing and responding to internal incident reports.
- Coordinating response efforts between NTC divisions and regional offices.
- Conducting security audits and compliance monitoring.
- Improving system performance, user experience, and reporting accuracy.
- Strengthening security protocols and identifying recurring risks.
The information is not shared outside NTC, unless necessary for escalation to DICT, NCERT, or law enforcement authorities for critical cases.
Data Protection Measures
NTC enforces strong security and privacy controls to protect information stored within the INMS Internal Portal:
- Access restricted to authorized NTC staff only.
- Data encrypted at rest and in transit.
- Role-based access controls to prevent unauthorized disclosure.
- Regular system audits, penetration tests, and compliance checks.
- Secure backups and disaster recovery protocols.
All practices are aligned with the Data Privacy Act of 2012 (RA 10173) and relevant government security standards.
Data Retention
Internal incident records are retained based on NTC’s regulatory and operational requirements:
- Active incidents remain stored until formally closed.
- Closed incidents are archived for auditing and lessons learned.
- Data exceeding retention periods will be securely deleted or anonymized.
User Responsibilities
NTC personnel using the INMS Internal Portal are expected to:
- Submit timely and accurate incident reports.
- Protect their login credentials and avoid unauthorized sharing.
- Use the system exclusively for official NTC purposes.
- Refrain from misreporting, falsifying, or tampering with incident records.
Misuse of the portal may result in disciplinary action and, if necessary, legal consequences.
Policy Updates
This Privacy Policy may be revised periodically to reflect:
- Updates in NTC security procedures.
- New government regulations or standards.
- Enhancements to the INMS Internal Portal.
All changes will be communicated to NTC personnel through official channels.
Contact Information
For technical support, incident troubleshooting, or account assistance, NTC staff may contact the INMS technical support team: