Bautista hits probers: Facts were misappreciated
Commission on Elections (Comelec) Chairman Andres Bautista dismissed yesterday as a “misappreciation of facts and legal points” the charges hurled at him by the National Privacy Commission (NPC).
“With all due respect to the NPC membership, we believe that the NPC decision was based on misappreciation of several facts, legal points and material context,” Bautista said in a statement.
Bautista was reacting to the NPC’s decision to recommend the filing of criminal charges against him in connection with the hacking of the Comelec’s website last year.
According to Bautista, the NPC also misappreciated the role of the head of agency in a collegial body by solely finding him at fault and recommending charges only against him.
“It is the en banc which sets a policy that the head of the agency is tasked to implement,” Bautista said.
The Comelec chairman also said that the incident did not affect the results of the May elections.
“I just would like to make it clear that the hacking incident is not related to the results of the 2016 elections,” Bautista posted on his Twitter account, @ChairAndyBau.
The NPC faulted Bautista for not appointing a data protection officer, as mandated by the Data Privacy Act.
“But since the law was passed in 2012, the Commission had not appointed one, and if an appointment had to be made, not just the head of the agency but the entire en banc will vote on the appointment,” Bautista said.
The NPC decision points to the head of the agency as being solely responsible for the data breach.
But Bautista said the commission, which is managed by lawyers, relies on its information technology department for expert advice on data security and privacy and other IT-related matters.
“As head of the agency, in areas where I did not have specific expertise, I generally trusted the advice and recommendation of the IT experts. And if Comelec IT specialists directly in charge of operating the website were found not to be liable, what more those who merely oversee their work,” Bautista stressed.
The poll chief further explained that breach or hacking is not a new phenomenon, as many leading private information technology companies also faced such problems despite security measures.
“Even before the hacking of the Comelec website in March 2016, the Commission was already following generally accepted standards and international best practices with regard to its technology-related activities and services,” Bautista said.
He added the Comelec actively consulted the Department of Science and Technology’s Information and Communications Technology Office even before he joined the Commission.
While the incident happened at the height of preparations for the May 2016 elections, Bautista said the Comelec still exerted all efforts to respond to the security breach.
“The Comelec, in good faith, cooperated with the proceedings initiated by the NPC, despite the absence of implementing rules and regulations,” he said.
He added the Comelec filed compliance reports detailing the immediate actions taken by the commission to respond to the hacking, including the shutting down of the website.
The Comelec, through the Office of the Solicitor General, Bautista said, is filing a motion for reconsideration with the NPC.
In a decision dated Dec. 28, the NPC found the Comelec guilty of several violations of the Data Privacy Act of 2012 for the data leak.