Possible voters’ data breach in the Philippines

The National Privacy Commission (NPC) is looking into allegations that some candidates, running for midterm elections, were accessing the personal information of voters without consent.

In a statement, Privacy Commissioner Raymund Liboro said:

“It has come to our attention that some individuals posted on social media about receiving from candidate/s a “precinct locator” or “voter’s information” card, printed with their personal data – name, complete residential address, date of birth, among others.

“Concerns were raised over the possibility that these candidates may be processing voter personal data without authority,”

The NPC aims to find out how the candidates were able to access the voters’ personal data and whether the processing of election-related information was compliant to the Data Privacy Act (DPA)regulations.

Both political parties and candidates have been reminded that they must uphold the data subject rights of voters at all times.

“They have the obligation to ensure that all personal data processing related to any of their partisan political activity satisfy the criteria for lawful processing as provided for in the DPA,” Liboro added.

Penalties for violations of the data privacy law may be given to the political parties and candidates, if found to not uphold data subject rights in processing voter information.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.