Members of the ISACA London Chapter have expressed their concerns regarding the e-voting system implemented for the upcoming Extraordinary General Meeting (EGM) scheduled for March 13. This event will determine the next board of directors for ISACA’s largest regional chapter, which boasts over 5500 members and operates independently from the global organization.
Individuals who cannot attend the EGM were given the option to designate a representative to vote on their behalf online by 6 pm GMT on March 11, 2025. However, criticism of the e-voting system surfaced in a LinkedIn post by Allan Boardman, Founder of CyberAdvisor.London and Committee Member of ISACA’s Certified Data Privacy Solutions Engineer (CDPSE) certification.
Boardman raised concerns about the lack of security measures and scrutiny in the deployment of the e-voting system, citing issues such as a lack of authentication and email confirmation for voters. He warned that these vulnerabilities could potentially lead to unauthorized votes and compromise the integrity of the governance process.
In addition to Boardman’s critiques, Sarb Sembhi, CTO at Virtually Informed Limited, highlighted the lack of transparency regarding the sharing of members’ personal data with the e-voting facilitator. Furthermore, confusion arose when an email sent on behalf of the e-voting firm appeared to be from ISACA Global rather than the ISACA London Chapter.
Boardman also contended that the e-voting system violated the UK’s General Data Protection Regulation (UK GDPR) and ISACA London Chapter’s Privacy Policy by sharing members’ data without authorization. Despite bringing these concerns to the chapter’s leadership multiple times, Boardman claimed that no action was taken to address the vulnerabilities.
He called upon all ISACA London Chapter members to demand an independent investigation and audit of the e-voting process and encouraged attendance at the EGM to challenge current practices. However, the ISACA London Chapter Board refuted Boardman’s allegations, asserting that the online voting platform underwent independent verification, rigorous testing, and complied with data protection legislation.
They emphasized that the platform was designed to safeguard the confidentiality and integrity of votes while minimizing data processing. The Board argued that processing member data for governance purposes fell under the lawful basis of ‘legitimate interests’ and did not require consent, as long as it was necessary and respected members’ rights.
Julia Kanouse, Chief Membership Officer of ISACA Global, acknowledged the concerns raised about the voting process and emphasized the need for compliance with regulations and governance best practices. She expressed the organization’s commitment to ensuring a fair, secure, and conclusive vote to fulfill the chapter members’ mandate.
Overall, the controversy surrounding the e-voting system for the ISACA London Chapter’s EGM underscores the importance of transparency, data privacy, and security in electronic voting processes within professional organizations. As the debate continues, the ultimate goal is to uphold the integrity of governance procedures and protect the rights of all members involved.