How Do Companies Maneuver The Cybercrimes Act & POPI Act | Legal Articles

 

Legal Articles

How Do Companies Maneuver The Cybercrimes Act & POPI Act

The importance of having an Information Officer in a company has never become so necessary than in the past year or so in South Africa. This period saw the coming into operation of the Protection of Personal Information Act 4 of 2013 (POPIA) and assenting to of the Cybercrimes Act 19 of 2020 by the President.

Inside the decade prior, there was rapid escalation of growing calls on the global stage for the need to guarantee protection and privacy of personal information in the cyberspace from emails, computer programmes, trade and commercial platforms as well as mobile applications. As a starting point therefore, the Protection of Personal Information Act 4 of 2013 (POPIA) placed an obligation on institutions which collect and process personal data to have an Information Officer appointed who will be responsible for ensuring compliance with conditions for lawful data processing (accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards and data subject participation).

In terms of POPIA, data processing entities (responsible parties) are required to adhere to the aforementioned conditions in their collection and processing of personal information and the Information Officer plays an important role in this respect.

In terms of the Cybercrimes Act the main obligations for financial institutions and electronic communication service providers (ECSPs) are related to reporting, detection of unlawful activity as well as availing information and cooperation when investigations are done by law enforcement. Failure to adhere to the aforesaid obligations amounts to an offence as per section 54 (3). This possibly leads some ECSPs and financial institutions to believe they must have cut-throat tech-systems and personnel to actively monitor each activity run through their networks or computer programmes. While in today’s fast advancing world it may come in handy and safer to have such, it is not the case actually. Section 54 (4) (a) and (b) provides that there is no such obligation. In the basic monitoring and operation of their computer systems, programs and networks, ECSPs and financial institutions must be wary to report any activity that shows reason to believe that a crime is being or has been committed.

Some of the offences provided for in the Cybercrimes Act were presented in such a way that makes their interpretation and application so broad. It is thought that the reason for this is so that due to the varying types of computer programs, systems, applications and what one can do in all these, there ought not to be a possibility where one escapes liability simply owing to the strict definition of the offence. It is also impossible to define each and every undesirable activity that one may do on the cyberspace as people use these platforms for different reasons from advertising, gaming, commercial transactions, religious purposes, romantic match making to seeking employment. Therefore ECSPs and financial institutions especially, ought to ensure they familiarise themselves with the listed offences and report where it requires such action.

In seeking to curb criminal activity on the cyberspace, there ought to be bringing to book of those found to be liable and those who had the obligation to report such activity but chose not to. We assist parties in these situations. Our approach is professional and committed, contact us so that we hear your requirements and assist accordingly.  

The information contained in this site is provided for informational purposes only, and should not be construed as legal advice on any subject matter. One should not act or refrain from acting on the basis of any content included in this site without seeking legal or other professional advice. The contents of this site contain general information and may not reflect current legal developments or address one’s peculiar situation. We disclaim all liability for actions one may take or fail to take based on any content on this site.

Comments are closed for this post, but if you have spotted an error or have additional info that you think should be in this post, feel free to contact us.


Subscription

Get the latest updates in your email box automatically.

Search

Archive

CloseCOVID-19 Corona Virus South African Resource Portal