President Cyril Ramaphosa has signed the Cybercrimes Bill into law, which brings South Africa's cybersecurity laws in line with the rest of the world.
Photo by Tingey Injury Law Firm on Unsplash
According to Werksmans Attorneys, this Bill, which is now an Act of Parliament, creates offences for and criminalises, amongst others, the disclosure of data messages which are harmful. Examples of such data messages include:
- Those which incite violence or damage to property;
- Those which threaten persons with violence or damage to property; and
- Those which contain an intimate image.
Other offences include cyber fraud, forgery, extortion and theft of incorporeal property. The unlawful and intentional access of a computer system or computer data storage medium is also considered an offence along with the unlawful interception of, or interference with data.
"This creates a broad ambit for the application of the Cybercrimes Act which defines 'data' as electronic representations of information in any form. It is interesting to note that the Act does not define “cybercrime” but rather creates a number of offences such as those canvassed above," explained Ahmore Burger-Smidt, director and head of data privacy practice at Werksmans Attorneys.
A person who is convicted of an offence under the Cybercrimes Act is liable to a fine or to imprisonment for a period of up to fifteen years or to both a fine and such imprisonment as may be ordered in terms of the offence.
The impact this Act will have on businesses
The Cybercrimes Act will be of particular importance to electronic communications service providers and financial institutes as it imposes obligations upon them to assist in the investigation of cybercrimes, for example by furnishing a court with certain particulars which may involve the handing over of data or even hardware on application.
There is also a reporting duty on electronic communications service providers and financial institutions to report, without undue delay and where feasible, cyber offences within 72 hours of becoming aware of them. A failure to do so may lead to the imposition of a fine not exceeding R50,000.
Burger-Smidt said it is further interesting to note the impact this Act will have on businesses, especially considering its overlap with the Protection of Personal Information Act (PoPIA), amongst other regulatory codes and pieces of legislation.
"Companies should be cognisant of their practices especially in dealing with data or information. The value of data as an asset, the oil of the new economy, cannot be understated," said Burger-Smidt.