NPC wants Comelec chairman Andres D. Bautista charged with a criminal case

The NPC (National Privacy Commission) wants Commission on Elections (COMELEC) Chairman Andres D. Bautista charged with a criminal case for committing negligence of his duties under the Data Privacy Act of 2012.

The basis for NPC’s recommendation to sue Bautista came from the March 2016 hacking that exposed millions of voters’ personal information. The sensitive personal information included the voters’ complete names, addresses, birthdays, and passport numbers. These were all posted on a website by the hacker.

The incident caught a lot of attention, not only in the country, but in the whole world. This made the event to be labeled as the “worst ever recorded breach on a government-controlled database”.

The commission led their own study and determined how Bautista and Comelec violated the rules of the Data Privacy Act of 2012.

The findings cited that Bautista and Comelec lacked a designated officer to look out for any possible intruder. When the commission reviewed the details of the Comelec policies, they also found out that there was nothing to cover data privacy rulings.

“What is clear is the lack of appreciation on the part of the Comelec chairman that data protection is more than just implementing of security measures, but must begin from the time of collection of personal data, to its subsequent use and processing up its storage and destruction,” according to NPC.

“The willful and intentional disregard of his duties as head of agency, which he should know or ought to know, is tantamount to gross negligence,” NPC added, referring to Bautista.

The commission talked to the DOJ to conduct an investigation to further determine the possible flaws of Comelec during that time.

The Data Privacy Act states that the consequences for such violation that were supposedly committed by Bautista equates to imprisonment from 3 to 6 years and a fine from Php500,000 to Php4 million.