MALACAÑANG on Friday called on the Commission on Elections (Comelec) to release the results of an internal investigation into the data heists that resulted in the theft of over 55 million personal records from the poll body’s website.
In a statement, Presidential Communications Secretary Martin Andanar said the so-called “Comeleak,” the massive breach in the Comelec database before the 2016 elections, should not be downplayed.
“The Comeleak has been described as one of the worst breaches of a government-controlled database. Thus, it is an issue that simply cannot be swept under the rug,” Andanar said.
“We exhort that Comelec release a report of an investigation it conducted on the data leak, if any, to maintain the credibility of the constitutional body and uphold the integrity of the electoral process,” he added.
The Palace official issued the call following the recommendation of the National Privacy Commission (NPC) to file criminal charges against Comelec Chairman Andres Bautista and the poll body itself for the theft of millions of voters’ personal records.
Andanar lauded the commission “for taking the side of the people whose privacy has been violated.”
The commission found Bautista criminally liable for the cybersecurity breach, and guilty of “gross negligence” for his failure to establish a data protection policy that could have prevented the hacking.
“Comelec should come clean and hold itself accountable for the millions of data that became susceptible to risks such as identity theft and fraud,” Andanar said.
“Let us put an end to election-related maneuverings and ensure that any attempt to subvert the people’s will, no matter how sophisticated, will not succeed,” he added.
Bautista, in a statement on Thursday, denied the accusations against him and the Comelec even as he vowed to contest the ruling.
“With all due respect to the NPC membership, we believe that the NPC decision was based on the misappropriation of several facts, legal points and material contexts,” he said.
Bautista maintained that the Comelec did due diligence in protecting its data even before the hacking of its website in March 2016, by following generally accepted standards and international best practices with regard to its technology-related activities and services.
He questioned as well the decision pointing to him as solely responsible for the data breach, saying “these are matters that are best left to information technology [IT] experts.”
“Unlike the NPC, which is run by IT practitioners, the Comelec en banc is currently managed by seven lawyers. Hence, we rely on our IT Department for expert advice on website/data security and privacy and IT-related matters,” he said.