According to the Constitution, an Act of Parliament must give effect to these rights; being the Administration of Justice Act. Section 3 (1) (a) of the Administration of Justice Act provides that: An administrative Authority which has the responsibility or power to take any administrative action which may affect the rights, interests or legitimate expectations of any person shall-act lawfully, reasonably and in a fair manner… The Authority is an administrative body as defined in the Administration of Justice Act in that it is a committee or board appointed in terms of the Act and the Postal and Telecommunications Act and further performs administrative power and duties. and up to date. Records that have inaccurate information for instance a voter’s roll can impact on one’s right to participate in electoral matters, but also the controller. ZEC must ensure that the roll is updated, this duty also extends to the data subject (the voter) to inspect and correct or update details on the voter’s roll. Accurate data means that the personal details are correct. Inaccurate information can be harmful. For information to be accurate it must be regularly updated, though accurate and updated can exist as separate elements of data processing they are related. Updated means, if a data subject, changes their name, or address, or a record is expunged any database holding the initial information must be updated or reflect the same changes. The duty to update is not entirely of the data controller nor of the data subject, it is a shared duty. Section 7 (1) (c) Storage Limitation When collected, the information must allow for the identification of the data subject, and only kept for a necessary period and time to allow the purposes of its collection to be satisfied, unless other reasons exist to keep the data longer. Quality of Data Quality of Data is covered under Part III of the Act. Section 7 of the Act provides for several data processing principles, and these are necessary conditions for processing or collecting of personal information. This Section is also read in conjunction with the definition of data controller and data processor as that helps to understand the data processing principles. Section 7(1)(a) Adequate, relevant and not excessive The data must be adequate, relevant and not excessive, meaning if the data collected is not adequate it will still be personal data but might not be sufficient, and therefore not relevant for the collected purposes. If more data is collected than is required and therefore excessive, it therefore becomes unlawful collection. Section 7 (2) Accessibility of Data and Technical Measures Data is usually processed using different technological measures. These measures must allow for the data to be accessible, meaning if given to a data subject they should be able to read it, or anyone with lawful access is able to process the data regardless of the technology used. Section 7 (3) Controller delegated Authority If any individual is given Authority to collect information for the controller, such as a data processor, they must comply with all provisions under Section 7. This includes people that the data processor has contracted. Section 7(1) (b) Accurate, and Up to date Inaccurate data while it might not lead to identification of an individual, might also lead to deprival of benefits to the data subject or specific harms. The data controller has a responsibility to ensure that the data collected is accurate, M I S A Z I M B A B W E • G U I D E T O T H E Z I M B A B W E A N C Y B E R A N D D A T A P R O T E C T I O N A C T - 2 0 2 2 15