MANILA, Philippines – For betraying the public’s trust, officials of the Commission on Elections (Comelec) can be impeached following the online leak of voters’ personal information, some lawyers argued on Saturday, April 23.

Lawyer Toby Purisima said that under Section 2, Article XI of the Constitution, betrayal of public trust is one of the grounds for impeachment of the chairman and commissioners of constitutional commissions like the Comelec. 

This is following the leak of voter registration records, which were accessed by hackers from the Comelec website on March 27. The issue intensified on April 21 when a website surfaced wherein the database of voters’ personal information were made searchable.

That searchable web “portal” has since been taken down, but experts have said that information contained there is still likely to remain on the Internet. (READ: After Comelec leak, what to do to protect yourself?)

Purisima said that this hacking and the ensuing data leak falls under the catch-all definition of “betrayal of public trust.”

Non-impeachable officials in the Comelec can also be made liable under other applicable laws, he added.

Lawyer Regie Tongol, meanwhile, explained the nuances in the option to file criminal cases and disbarment petitions against concerned Comelec officials.

“There is a school of thought that we have to impeach them first before we could disbar them. It could also apply in filing criminal cases against Comelec officials,” Tongol said.

Meanwhile, the hackers are liable under the Cybercrime Prevention Act, Data Privacy Act, and e-Commerce Act for unauthorized access of the Comelec website, and unauthorized disclosure or sharing of the leaked personal information.

However, Tongol argued that the Cybercrime Prevention Act and the Data Privacy Act may not be filed at the same time against the hackers, due to the double jeopardy rule.

Purisima and Tongol discussed these legalities during a technical forum on the Comelec data leak on Saturday. The forum was organized by Text Power, Computer Professionals Union, and 8layer Technologies Incorporated.

‘Make them accountable’

According to the two lawyers, the Comelec, as the controller of personal information, may also be made accountable for the data leak under the following laws:

1. Republic Act (RA) 10173 or the Data Privacy Act, for failing to protect data from unlawful access
2. RA 6713 or the Code of Conduct and Ethical Standards for Public Officials, for negligence in protecting voters’ data
3. Section 3(e) of RA 3019 or the Anti-Graft and Corrupt Practices Act for “causing any undue injury” to voters

There is also an accessory penalty under the Data Privacy Act of disqualification from running for public office that would be imposed on concerned Comelec officials, if found guilty.

Under the same law, the Comelec can also be charged for downplaying the incident and the concealment of the security breach or by not informing the voters immediately of the release of their personal information. (READ: Is Comelec liable for website data leak?)

“Up to now, the Comelec has not admitted directly to voters that the leaked files were our voter data,” noted Tonyo Cruz of TXTPower.

“We have to make them liable. Bad things will keep happening if we don’t make them liable,” said Tongol.

Purisima added that this incident should produce a “chilling effect” to the Comelec and other government agencies. “Ang sagot natin dapat sa gobyerno, huwag ‘nyo itong gagawin ulit sa susunod,” said Purisima.

(Our response to the government should be, ‘You should not let this happen next time.)

“We should use our power as citizens to make them accountable,” he noted.

Purisima served as the counsel for bloggers and netizens in one of the petitions filed against the Cybercrime Prevention Act in 2012. Tongol is a data privacy lawyer. – Rappler.com