A harsh reality of the world today is the growing international threat (and industry) of cybercrime. Cyber criminals have become highly sophisticated with mechanisms, platforms and scams that are targeted and very difficult for an ordinary user to spot. Our world revolves around information technology and it is our dependence thereon which is targeted by cyber criminals.
To date, our legal framework regulating cybercrimes has consisted of various pieces of legislation as well as our common law. Unfortunately, such fall short of effectively regulating the complex world of cybercrime, necessitating the need for a consolidated framework to address cybersecurity and criminalize cybercrimes.
The proposed Cybercrimes and Cybersecurity Bill (“Cybercrimes Bill”) has accordingly been introduced to assist in providing such a framework for combating computer-related crimes and improving the cybersecurity of South African citizens.
The Cybercrimes Bill will have broad consequences for some of the following persons:
• Persons who use a computer or the internet.
• Electronic communications and financial service providers.
• Suppliers of IT hardware tools and software.
• Representatives of government departments.
• Information security experts.
• The South African Police Services (SAPS).
• People who are involved with IT regulatory compliance.
It creates approximately 50 new offences which have a bearing on cybercrimes, such as hacking, unlawful interception or interference with data, cyber extortion, cyber forgery, using financial information to commit an offence, the distribution of data messages that are harmful and computer-related offences that relate to terrorist activities. These crimes are pervasive and may have substantial implications for persons or businesses providing services in this domain, particularly as penalties are quite severe ranging from fines to imprisonment of up to fifteen years, or both.
The Bill also confers extensive powers on the SAPS to combat cybercrimes and promote cybersecurity. These powers include the right to search, access, investigate and seize anything from a computer to a database, provided that they are in possession of a search warrant authorising their actions.
It further places obligations on electronic communications service providers and financial institutions who become aware that their electronic communications network are being used to commit a cybercrime, to immediately report such to the National Cybercrime Centre – a specialised unit to be established in terms of the Cybercrimes Bill – and to preserve any information that relates to the cybercrime in question. Importantly though – this will not extend to the monitoring of the data they transmit or store on their systems or to actively seek or ensure that there are no unauthorised and illegal activities prejudicing cybersecurity.
Will the Cybercrimes Bill stop your scam emails and messages? Only time will tell. But at least there is a positive step by Government towards providing a more regulated environment to police cyberspace. With regards to the implications for businesses working within the information technology environment, it is our advice to keep close track of developments relating to this Bill as a failure to comply could hold dire consequences.