Possible voters’ data breach in the Philippines

The National Privacy Commission (NPC) is looking into allegations that some candidates, running for midterm elections, were accessing the personal information of voters without consent.

In a statement, Privacy Commissioner Raymund Liboro said:

“It has come to our attention that some individuals posted on social media about receiving from candidate/s a “precinct locator” or “voter’s information” card, printed with their personal data – name, complete residential address, date of birth, among others.

“Concerns were raised over the possibility that these candidates may be processing voter personal data without authority,”

The NPC aims to find out how the candidates were able to access the voters’ personal data and whether the processing of election-related information was compliant to the Data Privacy Act (DPA)regulations.

Both political parties and candidates have been reminded that they must uphold the data subject rights of voters at all times.

“They have the obligation to ensure that all personal data processing related to any of their partisan political activity satisfy the criteria for lawful processing as provided for in the DPA,” Liboro added.

Penalties for violations of the data privacy law may be given to the political parties and candidates, if found to not uphold data subject rights in processing voter information.


European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.