February 16, 2017 -
According to a report by Rappler, the Philippines’ Commission on Elections (Comelec) is facing another data breach investigation after one of its computers containing biometric data of the country’s 55 million voters was stolen last month.
The incident follows the National Privacy Commission (NPC) recent ruling that the Comelec should be held liable for the March 2016 database breach with Comelec chairman J. Andres D. Bautista set to face criminal charges for the negligence.
Bautista has assured the public that the data in the recent theft had been encrypted, making it less susceptible to a breach.
The NPC is investigating if a criminal act is involved and is considering the possibility that the Comelec failed to comply with the Data Privacy Act of 2012, in particular “that the personal information controller must safeguard personal information against any accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing”.
The law says that “persons who, due to negligence, provided access to personal information without being authorized” will have to pay a fine of $10,000 to $80,100 USD and that “accessing sensitive personal information due to negligence shall be penalized by imprisonment ranging from 3 years to 6 years”.