The Independent Electoral Commission (IEC) is investigating the circumstances behind the unauthorised disclosure of political parties’ candidates on social media over the weekend.
This, after the candidate lists of political parties – the African National Congress (ANC) and uMkhonto weSizwe – were disclosed online on Saturday.
Although the IEC has notified the Information Regulator, which enforces South Africa’s data privacy law − the Protection of Personal Information Act (POPIA) − about the incident, the watchdog wants more details.
The unauthorised disclosure comes as SA readies for general elections, which will be held on 29 May to elect a new National Assembly, as well as the provincial legislature in each province.
In a statement on its website, the Electoral Commission says it has “become aware of candidate lists related to two political parties, the ANC and uMkhonto weSizwe, that have been circulated or disclosed in a manner not authorised”.
Furthermore, the Electoral Commission confirms it has received correspondence from one of the affected parties – the ANC.
According to the IEC, indications are that the data emanated from internal system-generated reports within the Electoral Commission.
To this end, the commission says it has directed an inquiry to establish the circumstances and identity of the source of the unauthorised disclosure.
It notes the disclosed documents contain personal information of data subjects, and the Electoral Commission has reported the incident to the Information Regulator, in compliance with POPIA.
Responding to ITWeb on the issue today, the IEC says: “Please be advised that the commission is not commenting on the unauthorised release of the candidate list at the moment until investigations on the matter are finalised.”
Lacking in detail
In a statement today, the Information Regulator confirms it has received two notifications from the IEC regarding a security compromise that saw the unlawful release of candidate lists for the ANC and uMkhonto weSizwe for the 2024 elections.
The regulator says it will attend to the notifications from the IEC in accordance with the requirements of POPIA.
The regulator has advised the IEC that the notifications sent to the regulator do not provide sufficient details about the incidents to make them compliant with POPIA requirements.
Accordingly, the regulator has sent an information notice to the IEC, requiring the IEC to furnish the regulator with more details.
The requested information will assist the regulator in determining whether the IEC has met its obligations as a responsible party under POPIA.
Among other issues, the watchdog wants the IEC to furnish it with confirmation of the number of data subjects impacted by the security compromise.
It also wants to be provided with sufficient information to allow the data subjects to take protective measures against the potential consequences of the compromise.
The regulator also wants details as to how the unauthorised person accessed the personal information, and details as to the technical and organisational measures the IEC has implemented to mitigate against the risk of this personal information being unlawfully accessed and/or unlawfully processed.
Parties’ response
The ruling party says it has noted with concern that ANC candidate lists that appear to emanate from the IEC online candidate nomination system are now circulating on social media.
“We have conveyed our concerns to the IEC about this unauthorised release of personal information in potential contravention of the Protection of Personal Information Act.
“We wish to reiterate our full confidence in the IEC's proven track record of administering and overseeing free, fair and credible elections over the past three decades. The IEC continues to do so with professionalism, impartiality and integrity − attributes which have also extended to the secure management of confidential information,” says the party in a statement.
“The ANC supports the IEC in any efforts it may pursue to investigate the unauthorised release and hold anyone responsible to account. We reiterate the ANC has and will continue to speak for itself throughout this process on the nature and constitution of the ANC's candidate lists.”
In its statement, uMkhonto weSizwe says through its legal team, it will lodge a formal complaint to the IEC for the leaking of its candidate list.
“We view such conduct as unacceptable, unprofessional and it has put the lives of MK candidates at risk and violation of the POPI Act.”
Share