Between March 20 and 27, 2016, the largest data breach on a government-held personal database (dubbed Comeleak), happened when personal information of voters were accessed and downloaded from Comelec’s databases and published publicly by a hacker group.
In a decision dated December 28, 2016, the National Privacy Commission (NPC) found the Commission on Elections (COMELEC) liable for violating the Data Privacy Act of 2012 (or Republic Act No. 10173). It has also recommended criminal prosecution against COMELEC Chairman J. Andres D. Bautista, being the head of the agency.
The decision on NPC Case No. 16-001, described Bautista’s reaction to the breach as a “lack of appreciation” of what data protection really involves. “Data privacy is more than the deployment of technical security; it also includes the implementation of physical and organizational measures, as well as regular review, evaluation, and updating of COMELEC’s privacy and security policies and practices.”
Read More »NPC decision on ‘Comeleak’ finds COMELEC Chair Bautista criminally liable