@COMELEC #ComeLeak #ComeLeaks Data Privacy Act #Eleksyon2016 #juanvote pertinent provs

In view of the “ComeLeak” or “ComeLeaks” (the data security breach in the Comelec, the most massive in history, where the personal information and data of about 70 million registered voters were stolen and published by hackers), the following are the pertinent provisions of the Data Privacy Act:

Section 16. xxx
(e) Suspend, withdraw or order the blocking, removal or destruction of his or her personal information from the personal information controller’s filing system upon discovery and substantial proof that the personal information are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which they were collected. In this case, the personal information controller may notify third parties who have previously received such processed personal information; and

(f) Be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.
Xxx
SEC. 26. Accessing Personal Information and Sensitive Personal Information Due to Negligence. – (a) Accessing personal information due to negligence shall be penalized by imprisonment ranging from one (1) year to three (3) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00) shall be imposed on persons who, due to negligence, provided access to personal information without being authorized under this Act or any existing law.

(b) Accessing sensitive personal information due to negligence shall be penalized by imprisonment ranging from three (3) years to six (6) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Four million pesos (Php4,000,000.00) shall be imposed on persons who, due to negligence, provided access to personal information without being authorized under this Act or any existing law.

SEC. 27. Improper Disposal of Personal Information and Sensitive Personal Information. – (a) The improper disposal of personal information shall be penalized by imprisonment ranging from six (6) months to two (2) years and a fine of not less than One hundred thousand pesos (Php100,000.00) but not more than Five hundred thousand pesos (Php500,000.00) shall be imposed on persons who knowingly or negligently dispose, discard or abandon the personal information of an individual in an area accessible to the public or has otherwise placed the personal information of an individual in its container for trash collection.

(b) The improper disposal of sensitive personal information shall be penalized by imprisonment ranging from one (1) year to three (3) years and a fine of not less than One hundred thousand pesos (Php100,000.00) but not more than One million pesos (Php1,000,000.00) shall be imposed on persons who knowingly or negligently dispose, discard or abandon the personal information of an individual in an area accessible to the public or has otherwise placed the personal information of an individual in its container for trash collection.

SEC. 29. Unauthorized Access or Intentional Breach. – The penalty of imprisonment ranging from one (1) year to three (3) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00) shall be imposed on persons who knowingly and unlawfully, or violating data confidentiality and security data systems, breaks in any way into any system where personal and sensitive personal information is stored.

SEC. 30. Concealment of Security Breaches Involving Sensitive Personal Information. – The penalty of imprisonment of one (1) year and six (6) months to five (5) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than One million pesos (Php1,000,000.00) shall be imposed on persons who, after having knowledge of a security breach and of the obligation to notify the Commission pursuant to Section 20(f), intentionally or by omission conceals the fact of such security breach.

SEC. 31. Malicious Disclosure. – Any personal information controller or personal information processor or any of its officials, employees or agents, who, with malice or in bad faith, discloses unwarranted or false information relative to any personal information or personal sensitive information obtained by him or her, shall be subject to imprisonment ranging from one (1) year and six (6) months to five (5) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than One million pesos (Php1,000,000.00).

SEC. 32. Unauthorized Disclosure. – (a) Any personal information controller or personal information processor or any of its officials, employees or agents, who discloses to a third party personal information not covered by the immediately preceding section without the consent of the data subject, shall be subject to imprisonment ranging from one (1) year to three (3) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than One million pesos (Php1,000,000.00).

(b) Any personal information controller or personal information processor or any of its officials, employees or agents, who discloses to a third party sensitive personal information not covered by the immediately preceding section without the consent of the data subject, shall be subject to imprisonment ranging from three (3) years to five (5) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00).

SEC. 33. Combination or Series of Acts. – Any combination or series of acts as defined in Sections 25 to 32 shall make the person subject to imprisonment ranging from three (3) years to six (6) years and a fine of not less than One million pesos (Php1,000,000.00) but not more than Five million pesos (Php5,000,000.00).

Breaking: Site that posted voters’ data taken down by US DOJ & web host upon DOJ Ph request, Ph also asked for copy – from Comelec James Jimenez

First posted at 12:29pm April 22, 2016 Manila time: Breaking News: The site that posted and published about 70 million voters’ personal data was taken down by the United States Department of Justice and the web host, upon request of the Philippine Department of Justice, according to Comelec spokesperson James Jimenez through his Twitter account. Jimenez also tweeted that the DOJ of the Philippines is requesting the US DOJ to provide it with the database that was downloaded by the hackers. Embedded are the Comelec spokesperson’s tweets.

James Jimenez @jabjimenez, 3h:
From DOJ office of cybercrime: website taken down. Contacted Web hosting company & USDOJ last night; Data preserved w/ Cloudflare & GoDaddy.

James Jimenez @jabjimenez, 3h:
DOJ currently in the process of requesting for the preserved data on Cloudflare and GoDaddy, thru official channels, coordinating with NBI

Hackers successfully shut down U.S. banks’ websites


“Hackers, Possibly From Middle East, Block U.S. Banks’ Websites” by Enjoli Francis | ABC News – Thu, Sep 27, 2012

      “The financial and banking industries are on high alert tonight (Sept. 27) as a massive cyberattack continues, with potentially millions of customers of Bank of America, PNC and Wells Fargo finding themselves blocked from banking online.

      “ “There is an elevated level of threat,” said Doug Johnson, a vice president and senior adviser of the American Bankers Association. “The threat level is now high.”

      “ “This is twice as large as any flood we have ever seen,” said Dick Clarke, an ABC News consultant and former cybersecurity czar.

      “Sources told ABC News that the so-called denial of service attacks had been caused by hackers from the Middle East who had secretly transmitted signals commandeering thousands of computers worldwide.

     “Those computers — or “zombies” — were then used to overwhelm bank websites with a barrage of electronic traffic.

     “Different banks have been targeted on different days.

     “Today was PNC Bank’s turn: For three hours, ABC News tried to get on the PNC website to no avail.

     “On Facebook, a frustrated customer, Cynthia Schirm, wrote, “Trying to pay bills. This is ridiculous.”

xxx       

     “The U.S. said it suspected that hackers in Iran were also involved.

     “ “This is the first time that we know about, where a Middle Eastern entity, perhaps a Middle Eastern government, has attacked websites, critical infrastructure, in the United States,” Clarke said.

        “Even though hackers have not been able to steal any money during these attacks, authorities say they fear the next generation of wide-scale cyber assaults could be more devastating.

       “ “If they get inside the banks, they can move money around and cause financial chaos,” Clarke said.

     “ABC News obtained a Sept. 17 FBI alert warning that foreign hackers were targeting bank and credit union workers.

     “In a number of those cases, the hackers stole employee login credentials and then wired themselves between $400,000 and $900,000.

     “Sources told ABC News that the U.S. government was actively working to locate and disrupt the massive attacks.”

XXX     XXX     XXX

“Could a state actor be at play? U.S. Senator Joe Lieberman, without offering any proof, said he believed the assaults were carried out by Iran in retaliation for tightened economic sanctions imposed by the United States and its allies.

     “Smith demurred when asked who could be behind the campaign, although he said there were “only a handful of groups out there that have the technical ability or incentive” to carry it out.”

From: “US banks hit by more than a week of cyberattacks” by Raphael Satter | Associated Press – Fri, Sep 28, 2012

     “U.S. banks have been buffeted by more than a week of powerful cyberattacks, but the mystery surrounding their perpetrators lingers.

     “One expert said Friday that he was suspicious of claims of responsibility purportedly made by Islamists angry at an anti-Muslim movie made in the United States, explaining that the widely-circulated Internet postings might have been an attempt to deflect attention from the true culprit.

     “ “In the intelligence world, we call that a ‘false flag,’” said Mike Smith, whose Web security company Akamai has helped analyze some of the attacks.

     “The postings, published to the Web earlier this month, suggested that an obscure Islamist group had taken revenge on American financial institutions for the “Innocence of Muslims,” a low-budget U.S. film that ridiculed Muhammad, revered by Muslims as the last of God’s prophets.

     “Since then at least half a dozen banks — including the Bank of America, JPMorgan Chase, and Citigroup — have witnessed traffic surges and disruptions. Not all have confirmed they were the victims of an online onslaught, but such surges are a hallmark of denial-of-service attacks, which work by drowning target websites with streams of junk data.

     “Such attacks are fairly common and generally don’t compromise sensitive data or do any lasting damage. Still, they can be a huge headache for companies that rely on their websites to interact with customers.

     “Most say the recent spate of attacks has been unusually powerful. PNC bank, which was hit on Thursday, has never seen such a strong surge in traffic, spokesman Fred Solomon said in a telephone interview. Smith said he estimated the flow of data at 60 to 65 gigabits per second.

     “Smith said the profile and power of the attack made it an unlikely fit for the religious youth that the Internet postings called upon to join in the anti-U.S. campaign. He explained that politically-motivated hackers — often called hacktivists — usually flood the Web with appeals for support and post links to software that can turn followers’ personal computers into crude cyberweapons.

     “Twitter and online chat rooms then explode with activity, as casual supporters pile in to coordinate attacks.

     “ “You’re not seeing that with this particular set of attacks,” Smith said. “At the same time … the attack traffic is fairly homogeneous. It’s not this wide cornucopia of attacks that’s coming at you that you see with a hacktivist attack.”

     “So who is behind the campaign?

     “Cybercriminals often use denial-of-service attacks to shake down smaller websites, but major U.S. banks make unlikely targets for a protection racket.

     xxx

     “In any case, the online attacks appeared to be easing. Solomon, the PNC bank spokesman, said while traffic remained heavy Friday the flow was gradually returning to normal.

     “Doug Johnson, with the American Bankers Association, echoed that assessment.

     “ “I believe it’s tapering off,” he said.”