Foundation for Media Alternatives Revisits Comelec Breach of 2016
With two years already having elapsed since the Philippines’ biggest government data breach grabbed hold of global headlines, non-government organization, Foundation for Media Alternatives (FMA),has released a briefing paper providing a summarized account of the events surrounding the infamous hacking incident.
The document proposes some major takeaways and action points, both on the part of government and the private sector.
When news of the so-called “Comeleak” first broke out, the ensuing public panic was exacerbated by wildly conflicting accounts from the Commission on Elections (Comelec), the hacker groups claiming responsibility for the incident (i.e., Anonymous Philippines andLulzSec Pilipinas), and law enforcement authorities. It would take a months-long investigation carried out by the then newly-minted National Privacy Commission (NPC) before some degree of clarity was achieved, through the agency’s December 2016 Decision, and the brief Preliminary Report it issued a few months prior.
If one recalls, the NPC found the Comelec and its then-Chairman, Andres Bautista, both liable for violating a number of provisions of the country’s Data Privacy Act (DPA). It went so far as to recommend to the Department of Justice the filing of criminal charges against Bautista, whilemaking no other findings of liability on the part of the other respondents initially named in the case.
With the case now pending before the appellate court, the world has since bore witness to a number of other election- or voter-related data crises. Mexico and the U.S., for instance, suffered even bigger information leaks just weeks after the incident. Then just these past month, this Facebook-Cambridge Analytica controversy has highlighted anew the extent by which misuse of data—even as innocuous as that shared via online quizzes—can threaten the very foundations of a democratic society.
In its paper, FMA looks back at that historic moment before suggesting to the various stakeholders some steps it deems necessary to prevent similar privacy breaches in the future, namely:
These measures become even more relevant today as the Philippines prepares for another set of elections.