The NPC criticized Comelec Chair Bautista for his "lack of appreciation" on the need for stringent cybersecurity measures, allowing data of millions of Filipino voters to be stolen from the Comelec database and be made available online for downloading by a group of hackers.
The National Privacy Commission (NPC) said that Commission on Elections Chairman Juan Andres "Andy" Bautista had committed “gross negligence” under the Data Privacy Act of 2012, or Republic Act No. 10173.
Since dubbed "Comeleak," the cybersecurity breach is one of the biggest data heists in history that saw the theft of as many as 55 million personal records from the Comelec website.
It can be recalled that prior to the May 2016 national elections, the Comelec website was hacked, which later led to the leakage of voters' data.
In its decision, the commission stressed Bautista's lack of appreciation for data protection, which it said is more than just the implementation of security measures.
Below are ten things the public should know about the NPC’s decision versus Chairman Bautista regarding the #COMELEAK, compiled by the Internet and ICT Rights Advocacy Organization Democracy.Net.PH:



Infographic by Jelorene Vitaliano