MANILA, Philippines - The Commission on Elections (Comelec) confirmed that a copy of the national voters' list was on a computer that was stolen in January at the poll body's field office in Wao, Lanao del Sur.

In a press conference on Monday, February 20, Comelec Executive Director Jose Tolentino Jr said the National List of Registered Voters (NLRV) contains the demographics data of nearly 76 million active and deactivated voters as of October 2016, but not their biometrics data.

Only the biometrics data of voters in Wao are on the stolen computer, where the municipality's Voter Registration System (VRS) is stored, said the Comelec and the National Privacy Commission (NPC).

Based on latest Comelec statistics, Wao has 58,364 registered voters, of which 40,991 are for the barangay elections and 17,373 are for the Sangguniang Kabataan (SK) elections. Among them, 35,491 barangay voter records and 17,336 SK voter records are active.

The NPC is investigating the incident. Tolentino said that the Wao local police is also looking into the robbery.

"This is the 2nd breach involving the Comelec voter registration database" in a span of less than a year, said NPC Commissioner Raymund Liboro. In March 2016, hackers leaked voter records stored in the Comelec website, in what was said to be the biggest leak of personal information in Philippine history.

In December 2016, the NPC said it found Bautista "criminally liable" for the said massive breach, which has since become known as "Comeleak."

Delay in notification

Tolentino, who also serves as the Comelec's data protection officer, said the robbery at the Comelec-Wao office took place at around midnight of January 11. A police report on the incident quoted a local employee saying that the unidentified suspect or suspects may have "gained entry through the improvised window at the back portion of the Comelec office."

"What they stole was the new [computer]. There are still old computers there. That's why we were thinking this was an ordinary incident," Tolentino added.

The Comelec's mindset "is on the operational aspect of voter registration," he added. "That's why the first thing that we did...is to ensure that another computer will be available for Wao so as not to interrupt the registration process."

Security measures

In response to the break-in, the NPC ordered the Comelec to erase copies of the NLRV in the computer systems in 1,656 election offices in all cities and municipalities nationwide.

The privacy body also ordered the Comelec to notify affected voters in the NLRV and in Wao's voter registration system within two weeks. NPC's compliance order to Comelec was issued on February 10.

Tolentino said that, on January 23, his office recommended to the Comelec en banc the installation of CCTV cameras in all field offices nationwide. This would mean a procurement of CCTVs estimated at P63.4 million through public bidding.

Additional security measures – such as multifactor authentication and the use of biometrics to access the VRS and NLRV, and a mandatory VRS password change every quarter – will be implemented, Tolentino said.

He also reported that Comelec regional election officers have been instructed to implement interim security measures to secure voter data, "pending the issuance of the key policies related to data security, use, processing, storage and disposal." – Rappler.com

Next Page >