The use of email for business purposes has already, to a large degree, replaced many of the more conventional methods of communication, resulting in organisations being faced with the sometimes onerous task of implementing and maintaining effective systems and processes to maintain control over essential business communications.
In addition to general information retention provisions found in various pieces of legislation that will in most instances also apply to information obtained electronically, the Electronic Communications and Transactions Act, 2002 (ECT Act) contains specific provisions detailing how electronic communications are to be stored and the manner in which to prove the integrity of those communications.
The ECT Act legitimises electronic communications by:
The ECT Act, supported by various judicial decisions, has made it clear that evidence is not inadmissible simply because it is in electronic form. However, the integrity of the electronic evidence is vital. The ECT Act provides that electronic evidence must be given “due evidential weight”, which will depend on a number of factors, including the reliability of the manner in which the electronic evidence was generated, stored or communicated and the manner in which the originator was identified.
In order for electronic communications to be treated equally to paper-based counterparts, organisations are to ensure that they implement and maintain good email and document management systems. This is necessary to ensure that the handling of electronic information complies with the specific requirements set out in the ECT Act for the storage of electronic communication. Implementing these systems will require appropriate policies, email disclaimers and the use of robust technology, keeping in mind that the integrity of an email must be maintained for its entire life span, from capturing and retrieval to deletion.
The storage and security of personal information will be largely impacted by the Protection of Personal Information Bill (the Bill), once enacted.
The Bill aims to promote and enforce the constitutional right to privacy, by safeguarding personal information. It imposes stringent obligations on persons holding and processing personal information and also imposes system security requirements.
Although it is not yet clear what will be considered appropriate and reasonable under the Bill, organisations must ensure that stringent security requirements, including access controls, user identification and comprehensive indemnity provisions, are in place to safeguard the security of personal information.
Written by Simone Gill, Director in the Technology, Media and Telecommunications (TMT) practice and member of the Data Protection and Privacy Group, and Victor Omoighe, Associate, TMT practice, Cliffe Dekker Hofmeyr