It started with Manila's National Privacy Commission (NPC), the agency which mandated to implement Republic Act 10173, or the Data Privacy Act (DPA) and then resulted in March 28th, 2016 with 

 A great lol to Commission on Elections, here's your whoooooole database.

LulzSec Pilipinas had exposed data (posted a mega sized .zip file of data) which included publicly available information and also voter data, voter registration data, and databases relevant to the functionality of the Commission on Elections (Comelec) website.  Less than a year later on January 11, 2017, a computer was stolen from Comelec's office in Wao, Lanao del Sur.  That computer contained a copy of the voter registration system, voter search applications, and the whole database of registered voters.  

In most organizations with the maturity of technology there comes a convergence of assets important to multiple areas of compliance and protection.  In the case of Manila, it is the National Privacy Commision (NPC) which concerns itself with data privacy and then there is the Department of Informaiton and Comunications Technology which concerns itself strictly with the technical intricacies within the systems.  The gap of organizational management and physical management has become just as important as the technical measures which were put into place.