Department of Information and Communications Technology

SUBJECT: TERMS OF REFERENCE FOR PUBLIC INFORMATION SERVICES

Rationale:

The Data Privacy Act of 2012 (DPA) was enacted to bring the Philippines in line with
international data protection standards on personal data.

In this light, there shall be requests for information that concern to identify the people from the
data combined with the other information kept (or if anyone may disclose the information could
identify concerned persons. Overall, there is a need to evaluate in disclosing information-

 Where individuals are mentioned in the information; and

 In situations in which information about individuals may be included in material

released by the Department taking into account the personal information released shall
not breach privacy, under the DPA;

These concerns shall not just be limited in cases of information requests on DICT employees but
in the dealings of the Department with the public or private business. More importantly, in the
case of DICT, the Department has custody of the data and records on behalf of other
government agencies as stored in systems regarding citizens and business in their transactions
with the Government.

The DICT is thus required to ensure that personal information, including sensitive personal
information, in its custody or under its control is disclosed only as permitted by existing laws;
Moreover the Department shall protect individual information by making reasonable security
arrangements against its distribution, or premature disclosure;

All presents and underscores the imperative that all requests for information shall be evaluated,
raising the need for encompassing guidelines and controls by the Department

Objective:

The Department of Information and Communications Technology (known hereafter as "DICT")

desires to have an efficient method of servicing information requests directed to their office.

This initiative aims to store records to service information requests from different data sources
and in various formats within an information & document repository by means of a multi-model
database. The information within each record will be partitioned into several logical sections.
One section will contain the record’s public information while other sections can have their own
security requirements. This reinforces the prescribed information security measures from a
system standpoint.

When an information request comes into the office, the DPO officer will search the repository to
locate the relevant information and/or document. The officer will select the results relevant to
the request and the system will provide a document data export disclosing only the information
pertinent to the request’s security level or in properly serving the agency or the public.
 Disclosure of data elements can be done by removing it entirely from the export or by redacting
it using deterministic or non-deterministic methods, in the document being released.

DICT aims to engage with a professional Consulting Services Provider (known hereafter as
"CONSULTANT") to build the foundation version of the public information repository system
utilizing the Government Common Platform (GCP) for the Enterprise Business Intelligence Tools
and Applications.

An in-depth information gathering, data analysis shall be conducted and recommend and
develop a solution to address this requirement.

Contract Amount:

The contract amount for the Document Protection Consulting Services will be in the amount of
(Three million pesos) PHP 3,000,000.00, in Philippine Currency and inclusive of VAT.

Duration of the Project:

August to October 2018.

Scope of Services

The CONSULTANT during the duration of the engagement is expected to:

 Conduct information and data-gathering sessions via a series of discussions with the
stakeholders.

 Consult and verify information gathered with the client application development team
to ensure that he/she has the correct and current data.

Development tasks during the engagement:

a) Load Documents:

 Load a representative set of records to be housed within the multi-model

database. Initially it is assumed that these records are stored either in another
system or are in text files that have a flat or hierarchical structure.

b) Implement Security Levels:

 Based on the discussions with the key stakeholders, identify the security levels
to be implemented.
 Apply these security rules to the pre-loaded documents.

c) Develop a Search Portal:

 Create a web portal that would allow authorized personnel to search the
repository using free text, refine results using facets, filters, and order them by
relevance.
 The portal should be secured based on user access rights.
  The portal should allow for the creation and download of a data export
containing a set or subset of the search results determined by the user and the
desired level of information to disclose.

d) Develop a Statistics Dashboard:

 Create a dashboard showing application activity based on the application-

related information gathered above.
 Audit of document access, review & distribution, data exports, and attempts to
export non-public information.

Terms of Payment

Payment milestones shall be set and shall be deliverable-based.

Other Terms and Conditions:

 On-Site work will be performed at DICT Head-office.