Vito Barcelo reports:
The National Privacy Commission found the Commission on Elections liable for violating the Data Privacy Act of 2012 and recommended the criminal prosecution of Chairman J. Andres D. Bautista for “the worst recorded breach on a government-held personal database in the world” last March.
In a decision, dated Dec. 28, on NPC Case No. 16-001, the NPC underscored Bautista’s “lack of appreciation” of the principle that data protection is more than just implementation of security measures.
[…]
The personal data in the breach is contained in several databases kept in the website: (a) the voter database in the Precinct Finder web application with 75,302,683 records; (b) the voter database in the Post Finder web application with 1,376,067 records; (c) the iRehistro registration database with 139,301 records; (d) the firearms ban database with 896,992 personal data records and 20,485 records of firearms serial numbers; and (e) the Comelec personnel database with 1,267 Comelec personnel.
Further illustrating the breadth of the breach, the NPC decision also gave a rundown of what types of compromised sensitive personal information were contained in Comelec’s two web-based applications.
“The voter database in the Precinct Finder application contained each voter’s complete name, date of birth, gender, civil status, address, precinct number, birthplace, disability, voter identification number, voter registration record number, reason for deletion/deactivation, registration date, and update time.”
Read more on The Standard.