Privacy body: Comelec, Smartmatic not liable in breach of 'non-sensitive' data

This file photo shows the Commission on Elections headquarters in Manila.
Philstar.com / AJ Bolando, file

MANILA, Philippines — The National Privacy Commission has cleared the the Commission on Elections and tech provider Smartmatic of liabilities from the breach of the poll body’s systems or servers and instead recommended the prosecution of an ex-Smartmatic employee for intentional breach.

According to a statement from the poll body, the decision was made in September 22 last year based on a case filed by the NPC Complaints and Investigation Division. Comelec officials received the notice only Tuesday before 6 p.m. and were only given a full copy from its own Law department Wednesday.

The allegations of data privacy involved survey forms and the overseas voters list.

"With respect to the survey forms, the NPC found that while there had been a breach in Smartmatic’s servers due to the actions of some of its employees, there is no obligation on the part of Comelec to comply with the mandatory breach notification under Section 11 of NPC Circular 16-03 in relation to Section 20(f) of the Data Privacy Act," Comelec spokesman John Rex Laudiangco said in a statement.

The NPC also sent a copy of its decision and case records to the Secretary of Justice and recommended the prosecution of former Smartmatic employee Ricardo Argana, Winston Steward, and other unidentified individuals for their unauthorized access or intentional breach of their records.

Argana previously admitted that he allowed third-party access to his employee laptop in exchange for “training materials” and said he was offered P50,000 to P300,000 for access to Smartmatic’s facilities. 

READ: Comelec holds back P90-million payment to Smartmatic over alleged data breach

NPC found that the breach did not involve sensitive personal information or other data that can be used for fraud. On top of this, the data leaked also would not cause serious harm. 

Meanwhile, the overseas voters list issue was also set aside due to the lack evidence that proved the leak came from either the Comelec and Smartmatic’s services. 

"The list contained data fields for height and weight, which are not collected by Comelec in any of its forms for voter registration," Laudiangco noted. 

Show comments