Technology

Info Regulator unimpressed with IEC ‘security compromise’

The Information Regulator on Monday confirmed that is has received two notifications from the Independent Electoral Commission (IEC) regarding a “security compromise” that led to the release of the 2024 elections candidate lists for the ANC and Jacob Zuma’s MK Party.

It is unclear if the candidate list data was compromised through a hack or by more physical means. What is known by the regulator is that an “unauthorised person” gained access to the lists prior to distributing them on social media.

Notices are required to be sent to the regulator in the event of any incident that leads to the leaking of sensitive information in line with the Protection of Personal Information Act (Popia).

The regulator slammed the notices sent by IEC regarding the leaked candidate lists, saying that they not in line with Popia requirements.

“The regulator has advised the IEC that the notifications sent to the regulator do not provide sufficient details about the incidents to make them compliant with Popia requirements. Accordingly, the regulator has sent an information notice to the IEC requiring it to furnish the regulator with more details regarding the incidents,” the Information Regulator in a statement on Monday.

According to the statement, the IEC is required to prove that it has published the security compromise regarding the leaked ANC data on its website. Regarding the leaked MK Party data, the regulator requires proof of written notification to the party along with confirmation of the number of data subjects impacted by the security compromise.

Breach

The regulator also wants a detailed explanation from the IEC of how the “unauthorised person” was able to gain access to the leaked data in the first place as well as the measures that have been taken to prevent such a leak occurring again.

Read: CIPC hack: customers urged to change passwords – TechCentral

The incident follows last week’s hack at the CIPC and brings the number of government institutions that have notified the Information Regulator about the compromise of sensitive information to at least five since January.  – © 2024 NewsCentral Media

Get breaking news alerts from TechCentral on WhatsApp