IEC leak: Information Regulator notified of security breach
The Information Regulator has confirmed it's received two notifications from the Independent Electoral Commission (IEC) regarding a leak at the weekend.
The ANC and uMkhonto we Sizwe Party candidate lists were unlawfully published on various social media platforms less than 24 hours after parties submitted their lists on Friday to meet the deadline outlined in the commission's elections timetable ahead of the 29 May 2024 general elections.
On Saturday, the IEC assured the public it had launched internal processes to determine the source of the breach and informed the relevant authorities, including the regulator.
However, according to the regulator, the notifications aren't compliant with the Protection of Personal Information (Popi) Act.
The education and communication executive at the Information Regulator, Mukelani Dimba, says they have requested more information from the IEC to map out a course of action.
"Some of the information that we are requesting from the IEC includes proof that both political parties have been informed of the breach and a confirmation of the number of data subjects impacted by this security compromise."
The regulator also asked for more details on how the unauthorised person accessed the information and how the IEC implemented technical and organisational measures to mitigate the risk of the information being unlawfully accessed or processed.
The commission says it had taken additional measures through the night on Friday to prevent any further leaks of election lists.
ALSO READ:
