NPC dismisses case accusing Comelec, Smartmatic of data privacy violations | Inquirer News

NPC dismisses case accusing Comelec, Smartmatic of data privacy violations

By: - Reporter / @zacariansINQ
/ 07:47 PM January 18, 2023
NPC dismisses case accusing Comelec, Smartmatic of data privacy violations

FILE PHOTO

MANILA, Philippines — The National Privacy Commission (NPC) has dismissed a case against the Commission and Elections (Comelec) and its election software partner Smartmatic over data privacy violations.

According to the Comelec in a statement on Sunday, the NPC, through a decision dated Sept. 22, found the two  “not liable” for Concealment of Security Breaches Involving Sensitive Personal Information under Section 30 of the Data Privacy Act (DPA)

ADVERTISEMENT

“The CID (Complaints and Investigation Division) alleged that the personal data breaches in the servers of survey forms and Smartmatic involved first, survey forms and second, overseas voters list,” said NPC.

“However, upon investigation, it was found that Comelec and Smartmatic are not liable for Concealment of Security Breaches Involving Sensitive Personal Information under Section 30 of the Data Privacy Act (DPA),” it added.

FEATURED STORIES

According to the NPC, Violation of Section 30 requires that first, a personal data breach occurred, second, the breach requires notification to the PC, and third, the person knowingly conceals the fact of such breach from the NPC.

The alleged concealed security breach must also require mandatory breach notification under Section 20 of the DPA.

However, the NPC found that while there was indeed a breach, “it did not involve sensitive personal information or information that may be used to enable identity fraud.”

“The unauthorized acquisition is not likely to give rise to a real risk of serious harm,” it said.

“Thus, the breach in the servers does not require mandatory breach notification to the NPC. And since the COMELEC and Smartmatic do not have an obligation to notify the NPC of the breach under Section 20(f) of the DPA, both may not be held liable for violation of Section 30 of the DPA,” it added.

Overseas voters list

Meanwhile, the NPC also said that it was not “sufficiently proved” that the list containing the personal data of at least 139,100 individuals came from a breach of Smartmatic and Comelec servers.

Apart from this, the list contains data fields for height and weight, which Comelec does not collect in any of its forms for voter registration.

ADVERTISEMENT

Thus, the NPC concluded that no breach occurred in Smartmatic’s servers concerning the overseas voters’ list.

“CID was not able to provide substantial evidence that directly links the alleged breach in Smartmatic’s servers to Comelec’s servers or system. Thus, Comelec may not be held liable for violation of Section 30 of the PA in relation to the overseas voters list,” it said.

RELATED STORIES:

Comelec to review contract with Smartmatic amid security breach allegations

Smartmatic assures ‘2022 PH elections are 100% safe and secure’

NBI: Ex-employee of Smartmatic admitted ‘deal’ in systems breach

JMS
Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

Read Next
Don't miss out on the latest news and information.

Subscribe to INQUIRER PLUS to get access to The Philippine Daily Inquirer & other 70+ titles, share up to 5 gadgets, listen to the news, download as early as 4am & share articles on social media. Call 896 6000.

TAGS: Comelec, Smartmatic
For feedback, complaints, or inquiries, contact us.
Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.



© Copyright 1997-2023 INQUIRER.net | All Rights Reserved

We use cookies to ensure you get the best experience on our website. By continuing, you are agreeing to our use of cookies. To find out more, please click this link.