Comeleak

Comeleak Part 2? What is known and what still needs to be done

After a computer at the Office of the Election Officer (OEO) in Wao, Lanao del Sur was stolen last January 11, 2017, the National Privacy Commission (NPC) ordered the Commission on Elections (COMELEC) to take serious steps to address its vulnerabilities. Are we looking at Comeleak Part 2?

National Privacy Commission Commissioner Raymund Liboro and Commission on Elections Executive Director Jose Tolentino, Jr.

 

 

Let me start with the facts surrounding the robbery then add my perspective.

Read More »Comeleak Part 2? What is known and what still needs to be done

NPC decision on ‘Comeleak’ finds COMELEC Chair Bautista criminally liable

Between March 20 and 27, 2016, the largest data breach on a government-held personal database (dubbed Comeleak), happened when personal information of voters were accessed and downloaded from Comelec’s databases and published publicly by a hacker group.

In a decision dated December 28, 2016, the National Privacy Commission (NPC) found the Commission on Elections (COMELEC) liable for violating the Data Privacy Act of 2012 (or Republic Act No. 10173). It has also recommended criminal prosecution against COMELEC Chairman J. Andres D. Bautista, being the head of the agency.

The decision on NPC Case No. 16-001, described Bautista’s reaction to the breach as a “lack of appreciation” of what data protection really involves. “Data privacy is more than the deployment of technical security; it also includes the implementation of physical and organizational measures, as well as regular review, evaluation, and updating of COMELEC’s privacy and security policies and practices.”

Read More »NPC decision on ‘Comeleak’ finds COMELEC Chair Bautista criminally liable