MANILA, Philippines – Commission on Elections Chairman Andres Bautista yesterday asked Congress to conduct a full-blown investigation into the so-called Comeleak as he questioned the findings of the National Privacy Commission (NPC) on the hacking of the Comelec’s voter database.
Bautista also suggested that an inquiry should be conducted on the NPC’s ruling that he claimed was based on “misappreciated facts, legal principles and contexts.”
“We are transparent in the way we operate. We are open to investigation, but perhaps it’s also a good idea to have a hearing in aid of legislation so we can get to the bottom of this,” Bautista told The STAR.
In its Dec. 28 ruling, the NPC found the Comelec negligent in ensuring the privacy of its database, violating Republic Act 10173 or the Data Privacy Act of 2012.
This stemmed from the hacking of its website between March 20 and 27 last year or weeks before the May 9 polls.
The NPC had recommended the criminal prosecution of Bautista for the data breach.
Malacañang yesterday directed the Comelec to release its own findings.
Presidential Communications Operations Secretary Martin Andanar said the data breach in the Comelec should be looked into because it casts doubt on the integrity of the agency and the elections.
“The Comeleak has been described as one of the worst breaches of a government-controlled database. Thus, it is an issue that simply cannot be swept under the rug,” Andanar said.
Andanar said the Comelec should be held liable for the data breach that affected millions of voters.
If Comelec conducted any investigation, the results should be made public, Andanar stressed.
“We exhort that Comelec release a report of an investigation it conducted on the data leak, if any, to maintain the credibility of the constitutional body and uphold the integrity of the electoral process,” Andanar said.
“Comelec should come clean and hold itself accountable for the millions of data that became susceptible to risks such as identity theft and fraud,” he added.
Andanar also welcomed the decision of the NPC, which recommended the criminal prosecution of Bautista.
“Comelec must not only protect the vote but it must protect the voter as well. The National Privacy Commission is thus commended for taking the side of the people whose privacy has been violated,” he said.
Bautista, on the other hand, gave assurance that Comelec has several reports on the issue.
“We will release the results in due time,” he said.
According to Bautista, NPC erred in its decision and did not consider the compliance report they submitted on Dec. 29, a day before the deadline set by NPC.
“On June 21, 2016, they issued an order that we submit a compliance report by Dec. 31. We complied and submitted a report on Dec. 29 which is the last working day (for 2016). But on Dec. 29, we received the decision dated Dec. 28. So it is clear that NPC did not take our compliance report into consideration,” he said.
Bautista also questioned the basis of the NPC findings, which were issued in the absence of any implementing rules and regulations at the time of the investigation.
“The privacy act was enacted in 2012 but the commission (NPC), itself, was only constituted in March 2016 and that is also the same time that the hacking happened. It seems that they are making an example out of us. I think this is their first decision,” he said.
Bautista added that before March 2016, there have been many hacking incidents but the NPC failed to investigate them.
In an earlier statement, Bautista said the Office of the Solicitor General, representing the Comelec, will be filing a motion for reconsideration with the NPC.
He maintained that the data breach or hacking is not a new phenomenon.
“Many leading private IT companies and government agencies here and abroad were confronted by data breaches despite putting in place security measures,” Bautista said.
“Given the foregoing, should the focus not be on apprehending the hackers instead of punishing the hacked?” he asked. – Christina Mendez