Information Regulator says IEC is unable to adequately protect confidential personal information

JOHANNESBURG - The Information Regulator says the Electoral Commission of South Africa (IEC) does not have adequate controls in place to protect the confidential personal information it receives.

The regulator is a Section 39 body established to ensure the compliance and protection of personal data from private and public entities.

In a media briefing on Wednesday, the regulator said that during the election campaign period, the lists of African National Congress (ANC) and uMkhonto weSizwe (MK) party candidates were leaked to the public.

Regulator Chairperson, Pansy Tlakula said the leak led to the names and ID numbers of the candidates being circulated across various media platforms.

"We initiated an assessment of their security systems on the safeguarding of personal information that they processed, and we found that they did not have adequate access control measures to protect the confidentiality of personal information in their possession. Furthermore, their Section 22 notification to notify the data subjects concerned was found to be inadequate."