South Africans are scheduled to go to the polls on May 29th.
The Independent Electoral Commission (IEC) is investigating the circumstances behind the unauthorized publication of political party candidates on social media over the weekend.
This comes after the lists of candidates for the political parties African National Congress (ANC) and Umkhonto Wesizwe were published online on Saturday.
The IEC has notified the information regulator, which enforces South Africa's data privacy law (Protection of Personal Information Act (POPIA)), about the incident, but the watchdog is seeking further details.
The fraudulent disclosures come as SA prepares for general elections on May 29 to elect a new parliament and state legislatures for each state.
“We have become aware that lists of candidates associated with two political parties, the ANC and Umkhonto Wesizwe, have been circulated or disclosed in an unauthorized manner,” the Electoral Commission said in a statement on its website.
Additionally, the Electoral Commission confirmed that it had been contacted by the ANC, one of the affected parties.
The IEC suggests that the data came from a report generated by an internal system within the Election Commission.
To this end, the Commission says it has ordered an investigation to determine the circumstances of the unauthorized disclosure and the identity of the source.
The report notes that the disclosed documents contained personal information of data subjects and that the Election Commission had reported the incident to the information regulator pursuant to POPIA.
In a response to ITWeb today on this issue, the IEC stated: “Please be advised that the Committee will not be commenting on the fraudulent publication of candidate lists at this time until the investigation into this matter is complete.”
In a statement today, the information regulator confirmed that it had received two notifications from the IEC regarding a security breach that saw the illegal publication of the ANC and uMkhonto weSizwe candidate lists for the 2024 elections.
The regulator has said it will respond to notifications from the IEC in accordance with POPIA requirements.
The regulator informed the IEC that the notification sent to the regulator did not contain sufficient details about the incident to comply with POPIA requirements.
The regulator therefore sent an information notice to the IEC requesting that the IEC provide details to the regulator.
The requested information will help regulators determine whether the IEC is meeting its obligations as a responsible party under POPIA.
Among other issues, the watchdog wants the IEC to provide confirmation of the number of data subjects affected by a security breach.
We also want data subjects to be provided with sufficient information so that they can take protective measures against the potential consequences of a breach.
Regulators will also need details about how the personal information was accessed by unauthorized persons and the technical measures the IEC has implemented to reduce the risk that this personal information is unlawfully accessed or unlawfully processed. and details of organizational measures.
The ruling party said it notes with concern that a list of ANC candidates, which appears to have originated from the IEC online nomination system, is currently circulating on social media.
“We have raised our concerns with the IEC about the unauthorized disclosure of personal information that may violate the Privacy Act.
“We would like to have full confidence in the IEC's track record of administering and overseeing free, fair and credible elections over the past 30 years. “These attributes also apply to the secure management of classified information,” the group said in a statement.
“The ANC supports all efforts by the IEC to investigate unauthorized releases and hold those responsible. We reiterate that we will continue to advocate for this.”
uMkhonto weSizwe said in a statement that it will lodge a formal complaint with the IEC about the leak of the candidate list through its legal team.
“We consider such conduct to be unacceptable, unprofessional, endangering the lives of MK candidates, and in violation of the POPI Act.”