While the Cybercrimes Act 19 of 2020 seeks to combat cyber crimes, the Protection of Personal Information Act 4 of 2013 (POPIA) seeks to protect the privacy of personal information gathered and processed by responsible parties. In this brief article we will consider the interaction between these two pieces of legislation.
As a point of departure, one of the conditions that POPIA obligates on responsible parties is security safeguards. Entities that collect and process personal information ought to ensure that the information they collect is protected as long as it is within their care and storage. With the advancement of technology today and the upsurge of criminal activity on the cyberspace, responsible parties ought to ensure there are mechanisms and systems in place to protect personal data in their possession. Security breaches remain a possibility each and every day, as we have seen even state security departments and classified information in other parts of the world being breached and leaked, sometimes in aid of criminal activity and sometimes in advancement of civil liberty protests against governments. Recently in South Africa the computer systems of the Department of Justice were allegedly compromised and it interrupted Court operations and justice services.
From a distance, a somewhat retrogressive effect between the purports of the POPIA and the Cybercrimes Act would have been due to the requirement that electronic communications service providers (ECSPs) and financial institutions (FIs) must avail data to law enforcement and investigators upon being called to do so, as required by Section 54 of the Cybercrimes Act. Further they are also required to retain information and evidence that with good reason, is believed to have been used in the commission of cybercrime. Basically this means mere reason to believe is enough for the information to be retained and handed over to law enforcement, without the participation of the data subject as it would defeat investigative procedures. Our view is that this may only cause complications in urgent situations, otherwise where in dissimilar instances, careful procedures and cooperation between a company’s POPIA and Cybercrime Act obligations would avert such a situation. In any event, rights are not absolute.
The Cybercrimes Act provides further that failure by responsible parties to adhere to Chapter 3 of POPIA (8 conditions) and section 72 which deals with transfer of information outside the country, will be dealt with enforcement procedures of POPIA in Chapter 10. In this way, the Cybercrimes Act and the POPIA work in cooperation to achieve security within the perspectives of privacy.
Information quality, as one of the conditions under POPIA expected of responsible parties, seeks that the integrity of the information retained must be given effect to at all material times. This means that the information must be free from interception, damage, breach, deletion and interference from parties who are not authorised to do so. This works hand in glove with the precepts within the context of the Cybercrimes Act aiming to improve security in the cyberspace.
Looking in all, the purposes and conditions of POPIA are within the perspectives that are aimed to be achieved by making sure that cyberspace is secure. In situations where urgency will be needed in investigative procedures, there might be a few shortcomings in the cooperation between these two pieces of legislation, which might be expected in future. Nonetheless, privacy of personal information is achieved through its security.
We assist organisations and individuals with regards to POPIA and Cybercrimes Act obligations. Our website outlines other legal services that we offer.
Contact us for comprehensive assistance.
The information contained in this site is provided for informational purposes only, and should not be construed as legal advice on any subject matter. One should not act or refrain from acting on the basis of any content included in this site without seeking legal or other professional advice. The contents of this site contain general information and may not reflect current legal developments or address one’s peculiar situation. We disclaim all liability for actions one may take or fail to take based on any content on this site.
Subscribe to our Newsletter
Estate Agent Training
Bond & Transfer Calculator
Get the latest updates in your email box automatically.