Avatar photo

By Faizel Patel

Senior Digital Journalist


Information Regulator probes leak of ANC and MK party candidate lists

Information Regulator wants detailed information from the IEC, including the security compromise involving the ANC and MK candidates.


The Information Regulator has confirmed that it has received two notifications from the Electoral Commission of South Africa (IEC) into the circumstances surrounding the leak of the African National Congress (ANC) and Umkhonto we Sizwe (MK) Party candidate lists for the upcoming national and provincial elections on 29 May.

The lists, which includes personal information of the parties’ national and provincial candidates, started making the rounds on social media last week.

LIVE interactive map, latest news, multimedia and more!

View Map

They were submitted by the ANC and MK party on Friday afternoon ahead of the IEC’s deadline of 5pm.

ALSO READ: IEC confirms probe underway into leak of ANC and MK Party candidate lists

More information

The Information Regulator’s spokesperson Nomzamo Zondi said it will attend to the notifications from the IEC in accordance with the requirements of the Protection of Personal Information Act No. 4 of 2013 (POPIA).

“The regulator has advised the IEC that the notifications sent to the regulator do not provide sufficient details about the incidents to make them compliant with POPIA requirements. Accordingly, the regulator has sent an information notice to the IEC requiring the IEC to furnish the regulator with more details regarding the incidents.”

The regulator’s notice requested detailed information from the IEC including the security compromise involving the ANC and MK candidates, proof that the IEC has published the security compromise notice on its website, proof of written notification to the MK party and confirmation of the number of candidates impacted by the security compromise.

Protective measures

It also requested the IEC to provide information about whether there was provision of sufficient information to allow candidates to take protective measures against the potential consequences of the compromise.

“Details as to how the unauthorised person accessed the personal information of data subjects, and as to the technical and organisational measures that the IEC has implemented to mitigate against the risk of the affected data subjects’ personal information being unlawfully accessed and/or unlawfully processed.”

Zondi said the information will assist the regulator in determining whether the IEC has met its obligations as a responsible party under POPIA.

ALSO READ: WATCH: DA trying to ‘mortgage’ our democracy to the US – Ramaphosa