Regulator probes leak of ANC, MK party candidate lists
The Information Regulator has confirmed that it has received two notifications from the Electoral Commission of South Africa (IEC) into the circumstances surrounding the leak of the ANC and uMkhonto we Sizwe (MK) party candidate lists for the general election on 29 May.
The lists, which includes personal information of the candidates, started making the rounds on social media last week.
They were submitted by the ANC and MK party on Friday afternoon, ahead of the IEC’s deadline of 5pm.
The regulator’s spokesperson, Nomzamo Zondi, said it will attend to the notifications from the IEC in accordance with the requirements of the Protection of Personal Information Act No 4 of 2013 (Popia).
The regulator’s notice requested detailed information from the IEC, including the security compromise involving the ANC and MK candidates, proof that the IEC has published the security compromise notice on its website, proof of written notification to the MK party and confirmation of the number of candidates impacted by the security compromise.
It also requested the IEC to provide information about whether there was provision of sufficient information to allow candidates to take protective measures against the potential consequences of the compromise.
“Details as to how the unauthorised person accessed the personal information of data subjects, and as to the technical and organisational measures that the IEC has implemented to mitigate against the risk of the affected data subjects’ personal information being unlawfully accessed and unlawfully processed,” Zondi said.
She said the information will assist the regulator in determining whether the IEC has met its obligations as a responsible party under Popia.