**This is an old revision of the document!**

privacyPH.org/protect

In light of the recent breach at COMELEC involving personal information of 55-million Filipino voters, we're compiling certain measures below that may help mitigate some privacy risks entailed by the incident. Since Filipino voters are generally young, it can take decades before much of the personal information from the breach becomes obsolete and useless to those who may commit fraud using the COMELEC data. Such data include (at least) fullnames, birthdates, birthplaces, addresses, voters' ID numbers, fingerprint hashes as well as (in some cases) passport numbers, tax identification numbers, fullnames of parents, email addresses, physical stats (height, weight). It appears to be, by far, the biggest online privacy breach in world history.

Identity Theft

  • Passport change. If you voted as an OFW, change your passport right away.
  • Commercial services. Identity thieves could sign you up for commercial services or some scams.
  • Redirected bills. Using the data from the leaked COMELEC database, identity thieves could redirect your business or personal addresses before fully using your identity. So watch out if you're no longer receiving your bills.
  • Strange calls or texts. Be wary of calls or SMS messages that could be used to confirm certain information, including the telephone numbers included in the stolen personal information.

Social Media

  • Placeholder account. If you feel particularly vulnerable to identity theft online but you can't help yourself from using social media, you can open accounts in popular social media as placeholder accounts only. But don't put in accurate personal information. Use hard-to-guess password.
  • Privacy Settings. If you're already on social media, adjust your privacy settings to restrict access to important information and pictures. “Friends of friends” access may no longer cut it. Where appropriate, you may also use inaccurate information as placeholder data.
  • Report. In case a fraudster has already acquired some social media real estate using your identity, report it immediately. How: Facebook, Twitter.

Fraud

  • Eyes on the card. When paying with the use of credit card, don't let it out of your sight where someone could copy (or take a picture of your credit card) details like expiry, CVV, and credit card number.
    * Challenge questions. In online banking, change your “challenge questions” to items not involving information about your parents, birthplace, birthdate.
  • Renew docs. Renew government-issued IDs, passports, licenses to help check possible compromised identity.
  • Request history. If it happens you request for certain official documents like birth certificates, marriage certificate, try to inquire also about the history of such requests for your documents from concerned government agencies. See if previous requests were really made by you.
  • Unexpected calls or visits. Be concerned about unexpected calls or visits from those posing as bank agents, insurance reps “verifying” your personal details.
  • Passwords. Passwords that match or resemble data available on the stolen COMELEC database (birth date, names in the family, birthplace, and the like) must be changed. Enable two-factor authentication (if available) for your online accounts.

Take Action

  • Document. Violations of the right to privacy without documentation could not be charged. So document them in great details.
  • Report. File formal complaints or report such violations to

NATIONAL PRIVACY COMMISSION
Office of the President, Jose P. Laurel St.
San Miguel, Manila, Metro Manila, Philippines

E-mail: [email protected]