The Philippines’ Commission on Elections (Comelec) has been found at fault in an investigation by a government body into a data breach last year which included biometric details.
The Philippines’ National Privacy Commission (NPC) has said Comelec Chairman J. Andres D. Bautista will face criminal charges for the negligence.
“Data privacy is more than the deployment of technical security; it also includes the implementation of physical and organizational measures, as well as regular review, evaluation, and updating of Comelec’s privacy and security policies and practices,” the decision reads.
In the hacking incident last March, the entire database of the Comelec was exposed, including the personal data of 55 million Philippine voters.
The NPC stated that the incident was the worst recorded breach on a government-held personal database in the world, based on sheer volume.
An investigative report by Trend Micro into the leak showed that the data dumps include 1.3 million records of overseas Filipino voters, which included passport numbers and expiry dates. It said there was also 15.8 million record of fingerprints and a list of people running for office since the 2010 elections.