MANILA, Philippines — The Commission on Elections (Comelec) has withheld the payment of P90 million to Smartmatic over the supposed data breach linked to one of its contractual employees, senators were told Tuesday.
According to Comelec chairman Saidamen Pangarungan, he has yet to sign the release of P90 million to Smartmatic.
“We want to clear this matter about this leakage,” he told the Senate electoral reforms and people’s participation committee, which is conducting an inquiry into election-related concerns.
In May 2021, the Comelec announced it awarded to the joint venture of Smartmatic USA Corp. and local partner SMMT-TMI 2016 (Smartmatic Philippines) the P402.7-million contract to provide the elections software to be used on the May 9 polls.
The P90-million payment was supposed to be released to Smartmatic in early March.
However, Pangarungan said the Comelec will release the said amount “once we are convinced the Smartmatic is innocent about this leakage of the data.”
Smartmatic legal officer Christian Lim confirmed to the Senate panel that the payment to the company had been withheld.
Lim, meanwhile, assured that Smartmatic is “cooperating in every way possible” with the poll body.
On March 17, Senate panel chairman Senator Imee Marcos said “there indeed was a security breach in the Smartmatic operation,” citing what senators had been told during an executive session.
“We directed our law department to study the contracts that we have with Smartmatic and to find out what extent of actions we can take against Smartmatic,” Pangarungan told senators.
“The recommendation of the law department is that if there is a violation of the contract, namely unsatisfactory performance of Smartmaric of its obligation to provide automated election system or contact with partisan organization or group or violation of the obligations and confidentiality and/or violation of the Data Privacy Act, we have…courses of action,” he added.
Among these courses of action include the termination of its contract with the company and possible blacklisting, forfeiture of performance security, damages pursuant to the Data Privacy Act and the Civil Code of the Philippines and filing of criminal cases pursuant to the Data Privacy Act, according to Pangarungan.
He said that aside from the withholding of the P90-million payment, Comelec has not yet taken any of these courses of action.
“It is the recommendation of the law department to wait for the official investigation report of the NBI (National Bureau of Investigation) in order for the commission to be in a better position to assess the extent of the breach and the proper course of action to take,” the Comelec chairman said.
Behind the supposed security breach is a contractual employee hired by Smartmatic in August 2021.
According to the NBI, the employee was promised cash of up to P300,000 and “training modules” in exchange for access to the Smartmatic systems through his company-issued laptop.