Bautista questions NPC decision on his liability for ‘Comeleak’
Comelec Chairman Andres Bautista. INQUIRER FILE PHOTO/ MARIANNE BERMUDEZ
The chairperson of the Commission on Elections (Comelec) on Thursday questioned the decision of the National Privacy Commission (NPC) deeming him criminally liable for the 2016 “Comeleak” data breach.
In a statement, Comelec chairperson Andres Bautista said the NPC’s findings were based “on a misappreciation of several facts, legal points, and material contexts.”
The NPC, in a 35-page decision, said the poll body violated Sections 11, 20 and 21 of Republic Act 10173 or the Data Privacy Act.
Only Bautista was named as solely responsible for the data breach in March 2016, which led to the leakage of personal data of millions of Filipino voters.
READ: 55M at risk in ‘Comeleak’
The NPC ordered the Comelec and its chairperson to name a data protection officer and conduct an agency-wide privacy impact assessment, as well as to implement organizational, physical and technical security measures in compliance with the Data Privacy Act.
The Comelec chairperson said the agency relied on its information technology (IT) department for expert advice on IT and data security.
“As the head of agency, in areas where I did not have specific expertise, I generally trusted the advice and recommendations of our IT experts,” Bautista said.
He added that many private IT companies and government agencies have faced data breach or hacking attempts despite the presence of security measures.
“Given the foregoing, should the focus not be on apprehending the hackers instead of punishing the hacked?” the Comelec chairperson asked. RAM/rga
