https://www.polity.org.za
Deepening Democracy through Access to Information
Home / Legal Briefs / Webber Wentzel RSS ← Back
Africa|Business|Financial|Industrial|SECURITY|Service|Storage|System
Africa|Business|Financial|Industrial|SECURITY|Service|Storage|System
africa|business|financial|industrial|security|service|storage|system
Close

Email this article

separate emails by commas, maximum limit of 4 addresses

Sponsored by

Close

Article Enquiry

Understanding your rights and obligations under the Cybercrimes Act: An integral aspect of businesses' data and information protection processes

Close

Embed Video

Understanding your rights and obligations under the Cybercrimes Act: An integral aspect of businesses' data and information protection processes

Webber Wentzel

24th October 2024

ARTICLE ENQUIRY      SAVE THIS ARTICLE      EMAIL THIS ARTICLE

Font size: -+

Businesses in South Africa are required to notify authorities of certain offences, although they are also empowered to rely on certain legislation to protect and enforce their rights against criminals.

The Cybercrimes Act 19 of 2020 (the Cybercrimes Act) is the first statute in South Africa to explicitly recognise cybercrimes by creating a new category of criminal offences under South African law. These cybercrimes include:

Advertisement
  • the unlawful interception of data;
  • the theft of incorporeal property;
  • cyber fraud;
  • cyber forgery and uttering;
  • cyber extortion; 
  • the unlawful acquisition, possession, provision, receipt or use of a password, access code or similar data or device;
  • unlawfully accessing a computer system or computer data storage medium; and
  • the unlawful interference with data, a computer program, a computer data storage medium or a computer system.

The Cybercrimes Act also places certain obligations on institutions and corporations to comply with stringent security requirements in managing the data of citizens and employees. Contravention of the Cybercrimes Act may, upon conviction, result in several penalties, including fines and up to 15 years imprisonment.

Various key sections of the Cybercrimes Act took effect on 1 December 2021. Businesses are increasingly relying on the Cybercrimes Act to enforce their rights to their proprietary information and data. 

Advertisement

Recently, a South African airline exercised its rights under the Cybercrimes Act against a former employee accused of engaging in industrial espionage and misappropriation of the airline’s incorporeal property. The airline filed a complaint in terms of the Cybercrimes Act with the South African Police Service. The airline alleged that the former employee disclosed its confidential information obtained during the employee's tenure with the airline, to the employee’s new employer without authorisation. 

Among other things, the employee was accused of unlawfully disseminating copies of documents containing client revenues, thereby violating the confidentiality and proprietary interests of their former employer.

Businesses should not only have regard to the protections and possible remedies the Cybercrimes Act offers them, but also to their own obligations under the statute. 

Importantly, electronic communications service providers and financial institutions have specific duties in relation to reporting cybercrimes (although these obligations have been suspended until a date to be determined by the President). In terms of section 54, electronic communications service providers and financial institutions must report any cybercrime involving their electronic communications service or network to the Information Regulator and the South African Police Service within 72 hours of becoming aware of the offence. Any information which may be of assistance to the South African Police Service in conducting their investigation must also be preserved. A failure to comply with these obligations may upon conviction attract a fine of up to ZAR 50 000.

According to a directive published by the South African Reserve Bank (SARB), effective August 2024 participants in the National Payment System also have certain duties in relation to reporting cybercrimes. The directive introduces new cyber-security requirements for payment institutions regulated under the National Payment System Act 78 of 1998, including clearing system participants, settlement system participants, third-party payment providers, system operators, payment clearing house system operators, and the operators of payment system financial market infrastructures.

Notably, payment institutions and operators must report material cyber-incidents to the SARB within 24 hours of the cyber-incident occurring and must submit a report to the SARB containing specified information regarding the cyber-incident within 48 hours of the cyber-incident occurring. Payment institutions and operators are also required to provide ongoing updates to the SARB until the incident is fully resolved. As part of their internal business processes, payment institutions and operators must also ensure that any information-sharing arrangements they enter into comply with the relevant provisions of the Cybercrimes Act relating to the disclosure of information.

Other legislation, such as the Financial Intelligence Centre Act 38 of 2001 and the Prevention and Combatting of Corrupt Activities Act 12 of 2004, also imposes mandatory reporting obligations and it is vital that businesses are aware of their obligations to notify authorities of certain events and offences.

Written by Karl Blom, Partner, Mieke Vlok, Senior Associate & Inge Swanepoel, Consultant, Webber Wentzel

 

EMAIL THIS ARTICLE      SAVE THIS ARTICLE ARTICLE ENQUIRY

To subscribe email subscriptions@creamermedia.co.za or click here
To advertise email advertising@creamermedia.co.za or click here

Comment Guidelines

About

Polity.org.za is a product of Creamer Media.
www.creamermedia.co.za

Other Creamer Media Products include:
Engineering News
Mining Weekly
Research Channel Africa

Read more

Subscriptions

We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.

Subscriptions are available via the Creamer Media Store.

View store

Advertise

Advertising on Polity.org.za is an effective way to build and consolidate a company's profile among clients and prospective clients. Email advertising@creamermedia.co.za

View options

Email Registration Success

Thank you, you have successfully subscribed to one or more of Creamer Media’s email newsletters. You should start receiving the email newsletters in due course.

Our email newsletters may land in your junk or spam folder. To prevent this, kindly add newsletters@creamermedia.co.za to your address book or safe sender list. If you experience any issues with the receipt of our email newsletters, please email subscriptions@creamermedia.co.za