Comelec to limit voters’ info online to prevent hacking
Comelec spokesman James Jimenez says steps are being taken to prevent another data leak. (INQUIRER FILE PHOTO)
To prevent a repeat of the 2016 “Comeleak” data breach, the Commission on Elections (Comelec) is considering limiting the information publicly available on its website’s precinct finder service.
Comelec spokesperson James Jimenez said some information could be withheld online, including the voter’s residential address.
Personal questions would also be limited to those answerable by “yes” or “no” while voters can verify the district where they are voted by inputting their addresses.
“If we can limit the information that it is strictly responsive to the question, then that is a form of data protection,” Jimenez said. “We can remove the availability of other information in the database so it won’t be that inviting to hackers.”
He made the remarks at a recent forum in Manila, during which he discussed the Comelec’s efforts to protect the data of millions of voters following last year’s Comeleak fiasco.
In March 2016, the Comelec website was defaced and hacked, with sensitive voter information of over 77 million voters compromised and leaked on the internet.
Last month, the National Privacy Commission said Comelec chair Andres Bautista may be indicted and criminally prosecuted for the data breach.
Among the corrective measures was the designation of a data protection officer, a privacy impact assessment, and the creation of a privacy management program and breach management procedure.
Jimenez noted that one of the vulnerabilities of the Comelec website prior to the data breach was its precinct finder feature.
“If you can create a database which is limited as to its content of information, it may be harder to hack. That includes deciding what information is available online,” he said.
