National Privacy Commission

The National Privacy Commission issues data security alerts for individuals and Data Protection Officers

Holidays have always been working days for bad elements. These are times when people leave their homes to go on vacation or visit other relatives and friends. The National Privacy Commission (NPC) notes that personal data breaches have been known to happen during holidays because, usually, only a skeleton force stays on company premises. Locally, remember the 2016 personal data breach that occurred at the Commission on Elections, now termed Comeleak. Also remember the Bangladesh bank heist? The one that involved a local commercial bank? That also happened over a holiday.

The NPC has issued security reminders for both individuals and Data Protection Officers assigned to protect critical personal information.

Read More »The National Privacy Commission issues data security alerts for individuals and Data Protection Officers

Comeleak Part 2? What is known and what still needs to be done

After a computer at the Office of the Election Officer (OEO) in Wao, Lanao del Sur was stolen last January 11, 2017, the National Privacy Commission (NPC) ordered the Commission on Elections (COMELEC) to take serious steps to address its vulnerabilities. Are we looking at Comeleak Part 2?

National Privacy Commission Commissioner Raymund Liboro and Commission on Elections Executive Director Jose Tolentino, Jr.

 

 

Let me start with the facts surrounding the robbery then add my perspective.

Read More »Comeleak Part 2? What is known and what still needs to be done

NPC decision on ‘Comeleak’ finds COMELEC Chair Bautista criminally liable

Between March 20 and 27, 2016, the largest data breach on a government-held personal database (dubbed Comeleak), happened when personal information of voters were accessed and downloaded from Comelec’s databases and published publicly by a hacker group.

In a decision dated December 28, 2016, the National Privacy Commission (NPC) found the Commission on Elections (COMELEC) liable for violating the Data Privacy Act of 2012 (or Republic Act No. 10173). It has also recommended criminal prosecution against COMELEC Chairman J. Andres D. Bautista, being the head of the agency.

The decision on NPC Case No. 16-001, described Bautista’s reaction to the breach as a “lack of appreciation” of what data protection really involves. “Data privacy is more than the deployment of technical security; it also includes the implementation of physical and organizational measures, as well as regular review, evaluation, and updating of COMELEC’s privacy and security policies and practices.”

Read More »NPC decision on ‘Comeleak’ finds COMELEC Chair Bautista criminally liable