Two weeks ago on 01 December 2021, certain section of the Cybercrimes Act came into force and effect.
The Act is meant to assist the Justice Minister with establishing regulations on cybercrime and providing controls to deal with malicious threats, terrorists and other states with bad intent. The Act will contribute to the overall improvement of the country’s security as cybercrime becomes a national security issue.
Is it just IT professionals who are affected by the Cybercrimes Act? No. Any individual who has access to a computer or processes data is directly impacted by the Act and needs to be aware of what the Act criminalises. These criminalised activities are:
- unlawful access, interception and interference of data;
- unlawful acts in respect of software and hardware tools;
- cyber fraud, cyber forgery and cyber uttering; and
- malicious communications, which includes a form of “hate speech”.
The Act was also established to recognise South Africa’s strength as a trading partner with the right controls in place to deal with a rising and daily global issue. Co-operation with foreign states to help with measures on detection and response along with local law enforcement like SAPS will also be strengthened.
Some of the sections of the Act that have commenced on 01 December:
- Chapter 1: Definitions and interpretation
- Chapter 2 excluding Part VI. This part declares the various crimes. Part VI talks to orders that can be granted to protect victims from the detrimental effects of malicious communications and is not yet in force
- Chapter 3: outlining issues of jurisdiction relating to cybercrime
- Chapter 4: (excluding section 38(1)(d), (e) and (f), 40(3) and (4), 41, 42, 43 and 44) – section talks to powers of law enforcement to investigate, search and act
Find the full list here at ENS Africa.
The Act covers the crimes of hacking, unlawful interception of data, ransomware, cyber forgery, cyber extortion, and malicious communications. (Michalsons)
The reporting of offences is one of the main objectives of the Act. The Act provides guidance on reporting mechanisms by stating that:
– Offences must be reported with 72 hours by financial institutions
– Information must be recorded that substantiates offence
A fine of up to R50 000 may be imposed if the above requirements are not observed.
Overlap with POPIA
The Cybercrimes Act features some criminalised offences that overlap with unlawful access to personal information that is regulated under the Protection of Personal Information Act. POPIA may not define unlawful access to personal data as a breach or cybercrime, but does mandate that all companies are obligated to report to the Information Regulator and affected persons if there is reason to believe that personal information of customers, clients or individuals are in the hands of an unauthorised person.
“This is significant as companies may have obligations under both the Cybercrimes Act and POPIA. This bears particularly on:
- Reporting obligations: Electronic communications service providers and financial institutions may, in particular, be required to discharge reporting obligations under both the Cybercrimes Act and POPIA, should the circumstances require (for example, where there has been unlawful access to financial information processed by a bank). Companies should be aware of the different procedures and timeframes to be followed for reporting.
- Liability: The Cybercrimes Act and POPIA each impose a different form of liability, depending on the infringing conduct.” ENS Africa
The Fortitude to win in this regulatory landscape
Need to comply effectively with the Cybercrime Act and POPIA?
Brought to you by the Nihka Technology Group, Fortitude is an Artificial Intelligence security engine that self learns your IT systems without human intervention working 24/7.
Our AI solution understands your environment, finds weaknesses, replicates, and makes recommendations to fix. Integrating security into your DevOps before production means that vulnerabilities are validated during test and development to ensure production systems are secure during deployment.
Fortitude is POPIA compliant and aligns with the CyberCrimes Act of South Africa.
The Nihka Technology Group is a South African technology company based in Johannesburg, South Africa. The Group is focused on bringing the digital future to both the private and public sectors, locally and globally by delivering innovative, integrated technologies and intelligent solutions. Nihka offers end-to-end multi-dimensional consulting with an emphasis on integrating the human potential. Bringing EQ into AI.