THE Commission on Elections has improved its compliance with privacy requirements after the controversial “Comeleaks” where hackers accessed the Commission on Elections database of over 70-million registered voter records last year, a National Privacy Commission official said Tuesday.
“If you ask me, the compliance of the Comelec has gone a long way from when it happened,” NPC Commissioner Raymund Liboro told reporters in a news briefing at Malacañang.
The Comelec’s measures to strengthen its safeguards against any future data leaks were being finetuned, including the appointment of a data protection officer, coming up of their own privacy management program, and an ongoing privacy impact assessment is already underway, Liboro said.
Organizational and physical measures to avoid any future possible data breach is already being implemented in the poll body, he added.
Last year, the group Anonymous Philippines defaced the Comelec’s website while another one, the LulzSec Pilipinas, accessed the Comelec’s database containing over 70-million registered voter records, both active and deactivated.
Robbers also broke into the office of the election officer of Wao, Lanao del Sur and stole a computer containing a copy of the national list of registered voters and biometric records, including photos, of all 55,000 registered voters of the town.
Despite appeals from the Comelec, Liboro said that they found sufficient evidence “to recommend, initiate proceedings against Comelec chairman Andres Bautista” for failing to implement then provisions under the Data Privacy Act of 2012.
To avoid any possible data breach in the future, agencies were likewise directed to conduct a privacy impact assessment to check vulnerabilities within their organizations and come up with a privacy manual to put on paper how the general public can be assured that their private information are protected.
Agencies were also directed to strictly enforce security measures against data breaches.
In the same press briefing, the NPC announced plans for the first Data Protection Officers Summit to take up the looming concerns about data security on April 5.
The summit, Liboro said, will explore avenues and new approaches for the government to further beef up its defense against violation of data privacy rights, data breaches, and on how to further secure important information of the general public.