In March 2016, the Philippines took global headlines by storm when the Commission on Elections (COMELEC) website was breached and several voters’ databases were leaked online. The breach, popularly referred to as COMELeak, is now known to be one of the biggest government-related breaches in world history as it involved the personal information of around 55 million registered Filipino voters.
One year after the breach, public outcry has died down, and calls for transparency in the investigation have essentially dissipated for the most part. The National Privacy Commission has released the result of its investigation on the incident, holding the COMELEC liable for several violations of the Data Privacy Act but recommending criminal prosecution only of COMELEC Chairperson Andres D. Bautista.
What is crucial right now is for the government to take this time to adopt a more serious and careful approach to data privacy; specifically, in the way it processes the personal information of the people. If anything, this breach has been able to do what privacy advocates here and abroad have been trying to impress upon the public these past couple of years: emphasize the importance of privacy and the crucial role of the government in its promotion and protection from all types of harm.
The harms and threats caused by this breach to the data subjects are continuing; and so efforts must be made to sustain the public’s attention and awareness as well. A year has passed, but “they” still have our data. A year has passed, but do people really know what happened? An infographic by FMA, shown below, provides an overview of the breach.