In early March, I wrote my daily activity, including the people I interacted with, in a journal. I thought it might help me later on… Read More »Surveillance technologies to fight the #coronavirus pandemic must respect human rights
Have you watched Netflix’s “The Great Hack”? The film is a compelling documentary on the Facebook-Cambridge Analytica data scandal. After watching the film, I hope… Read More »How do we protect ourselves in the post-Cambridge Analytica world?
This was first published on Sunday Business & IT on January 6, 2019. Living Life well online 2018 was the year for data breaches which… Read More »Possible security issues faced by the consumer in 2019
The National Privacy Commission recently held its first assembly for government Data Protection Officers
“Kung di tayo kikilos, sino ang kikilos? Kung ‘di ngayon, kailan pa? (If we won’t act, then who else will? If not now, when?)” National… Read More »The National Privacy Commission recently held its first assembly for government Data Protection Officers
After a computer at the Office of the Election Officer (OEO) in Wao, Lanao del Sur was stolen last January 11, 2017, the National Privacy Commission (NPC) ordered the Commission on Elections (COMELEC) to take serious steps to address its vulnerabilities. Are we looking at Comeleak Part 2?
Let me start with the facts surrounding the robbery then add my perspective.
Between March 20 and 27, 2016, the largest data breach on a government-held personal database (dubbed Comeleak), happened when personal information of voters were accessed and downloaded from Comelec’s databases and published publicly by a hacker group.
In a decision dated December 28, 2016, the National Privacy Commission (NPC) found the Commission on Elections (COMELEC) liable for violating the Data Privacy Act of 2012 (or Republic Act No. 10173). It has also recommended criminal prosecution against COMELEC Chairman J. Andres D. Bautista, being the head of the agency.
The decision on NPC Case No. 16-001, described Bautista’s reaction to the breach as a “lack of appreciation” of what data protection really involves. “Data privacy is more than the deployment of technical security; it also includes the implementation of physical and organizational measures, as well as regular review, evaluation, and updating of COMELEC’s privacy and security policies and practices.”