In view of the “ComeLeak” or “ComeLeaks” (the data security breach in the Comelec, the most massive in history, where the personal information and data of about 70 million registered voters were stolen and published by hackers) the following are the pertinent provisions of the Data Privacy Act:
Section 16. xxx e) Suspend, withdraw or order the blocking, removal or destruction of his or her personal information from the personal information controller’s filing system upon discovery and substantial proof that the personal information are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which they were collected. In this case, the personal information controller may notify third parties who have previously received such processed personal information; and
(f) Be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information. Xxx SEC. 26. Accessing Personal Information and Sensitive Personal Information Due to Negligence. – (a) Accessing personal information due to negligence shall be penalized by imprisonment ranging from one (1) year to three (3) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00) shall be imposed on persons who, due to negligence, provided access to personal information without being authorized under this Act or any existing law.
(b) Accessing sensitive personal information due to negligence shall be penalized by imprisonment ranging from three (3) years to six (6) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Four million pesos (Php4,000,000.00) shall be imposed on persons who, due to negligence, provided access to personal information without being authorized under this Act or any existing law.
SEC. 27. Improper Disposal of Personal Information and Sensitive Personal Information. – (a) The improper disposal of personal information shall be penalized by imprisonment ranging from six (6) months to two (2) years and a fine of not less than One hundred thousand pesos (Php100,000.00) but not more than Five hundred thousand pesos (Php500,000.00) shall be imposed on persons who knowingly or negligently dispose, discard or abandon the personal information of an individual in an area accessible to the public or has otherwise placed the personal information of an individual in its container for trash collection.
b) The improper disposal of sensitive personal information shall be penalized by imprisonment ranging from one (1) year to three (3) years and a fine of not less than One hundred thousand pesos (Php100,000.00) but not more than One million pesos (Php1,000,000.00) shall be imposed on persons who knowingly or negligently dispose, discard or abandon the personal information of an individual in an area accessible to the public or has otherwise placed the personal information of an individual in its container for trash collection. SEC. 29. Unauthorized Access or Intentional Breach. – The penalty of imprisonment ranging from one (1) year to three (3) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00) shall be imposed on persons who knowingly and unlawfully, or violating data confidentiality and security data systems, breaks in any way into any system where personal and sensitive personal information is stored.
SEC. 30. Concealment of Security Breaches Involving Sensitive Personal Information. – The penalty of imprisonment of one (1) year and six (6) months to five (5) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than One million pesos (Php1,000,000.00) shall be imposed on persons who, after having knowledge of a security breach and of the obligation to notify the Commission pursuant to Section 20(f), intentionally or by omission conceals the fact of such security breach.
SEC. 31. Malicious Disclosure. – Any personal information controller or personal information processor or any of its officials, employees or agents, who, with malice or in bad faith, discloses unwarranted or false information relative to any personal information or personal sensitive information obtained by him or her, shall be subject to imprisonment ranging from one (1) year and six (6) months to five (5) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than One million pesos (Php1,000,000.00).
SEC. 32. Unauthorized Disclosure. – (a) Any personal information controller or personal information processor or any of its officials, employees or agents, who discloses to a third party personal information not covered by the immediately preceding section without the consent of the data subject, shall he subject to imprisonment ranging from one (1) year to three (3) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than One million pesos (Php1,000,000.00).
(b) Any personal information controller or personal information processor or any of its officials, employees or agents, who discloses to a third party sensitive personal information not covered by the immediately preceding section without the consent of the data subject, shall be subject to imprisonment ranging from three (3) years to five (5) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00).
SEC. 33. Combination or Series of Acts. – Any combination or series of acts as defined in Sections 25 to 32 shall make the person subject to imprisonment ranging from three (3) years to six (6) years and a fine of not less than One million pesos (Php1,000,000.00) but not more than Five million pesos (Php5,000,000.00).
First posted at 12:29pm April 22, 2016 Manila time: Breaking News: The site that posted and published about 70 million voters’ personal data was taken down by the United States Department of Justice and the web host, upon request of the Philippine Department of Justice, according to Comelec spokesperson James Jimenez thru his twitter account. Jimenez also tweeted that the DOJ of the Philippines is requesting the US DOJ to be provided with the data base that was downloaded by the hackers. Embedded are the Comelec spokesperson’s tweets.
James Jimenez @jabjimenez 3h
3 hours ago
From DOJ office of cybercrime: website taken down. Contacted Web hosting company & USDOJ last night; Data preserved w/ Cloudflare &GoDaddy.
44 retweets 22 likes
Reply Retweet 44
Like 22
More James Jimenez @jabjimenez 3h
3hours ago
DOJ currently in the process of requesting for the preserved data on Cloudflare and GoDaddy, thru official channels, coordinating with NBI
11 retweets 6 likes
Reply Retweet 11
Like 6
More
As expected, PR agencies of the candidates flood the news pages a day or two after the debate with press releases on who “won” the debate.
More insidious however are “polls” hosted by news organizations that purport to measure who “won” the debate by soliciting votes from their viewers or readers. This is called an open-access poll or a crowd-sourced poll. It is not scientific, and everybody knows that.
Well, maybe not everybody.
Many people still believe what they see or read in the news. And many more do not know that for the right price, a candidate can contract a PR agency to activate 10,000 unique isp numbers in his/her favor to vote in a non-scientific poll, and get away with it. He/she “won the debate”!
Would it be too much to ask the editors to at least put a small, teeny box beside their sidebar “poll” that states: “non-scientific poll”. Two words, one line. Or: “Not a scientific poll.” Four words (three words and an article). Or: “This is not a scientific poll.” Or: “not scientific”. Or: “non-scientific”. One word. Would that be too much to ask?
Otherwise, post-debate “polls”, like the opinions of “political analysts” on who “won” the debate” are just pieces of propaganda materials to repair the shattered performances of their clients.
⇒ ⇒⇒ From Sheldon R. Gawiser, Ph.D. and G. Evans Witt of the National Council on Public Polls (U.S.):“The only polls that should be reported are “scientific” polls.xxx Unscientific pseudo-polls are widespread and sometimes entertaining, but they never provide the kind of information that belongs in a serious report. Examples include xxx call-in polls, man-on-the-street surveys, many Internet polls, shopping mall polls xxx “One major distinguishing difference between scientific and unscientific polls is who picks the respondents for the survey. In a scientific poll, the pollster identifies and seeks out the people to be interviewed. In an unscientific poll, the respondents usually “volunteer” their opinions, selecting themselves for the poll. “In scientific polls, the pollster uses a specific statistical method for picking respondents. In unscientific polls, the person picks himself to participate” (open access: open to everyone interested) xxx The method pollsters use to pick interviewees relies on the bedrock of mathematical reality: when the chance of selecting each person in the target population is known, then and only then do the results of the sample survey reflect the entire population. This is called a random sample or a probability sample. xxx” (at http://www.ncpp.org/ )
