Providers of electronic communications services (ECSPs) face an increasingly complex framework of compliance requirements in respect of their networks and accessing information pertaining to their use. While these requirements used to be derived primarily from sector legislation, such as the Electronic Communications Act, No 36 of 2005 and Interception laws (the RICA Act, No 70 of 2002) this is no longer the case. Requirements in respect of voice and data interception, real-time or archived.
Most notably, the proposed Cybercrimes and Cybersecurity Bill, tabled last year, add new monitoring obligations for communications service providers and financial institutions. This Bill requires an ECSP (and financial institution) within 72 hours of becoming aware of its network being involved in the commission of a cybercrime, to report it and preserve any information which may be of assistance to law enforcement agencies.
The latest piece of legislation to create further obligations for service providers is the Maintenance Amendment Act, No 9 of 2015. The opportunity for defaulters of maintenance to avoid their responsibilities is now becoming increasingly difficult, with maintenance officers that may now request electronic communications service providers to furnish contact information of defaulters.
During 2015, this Act came into force, with the exception of two sections and one subsection, presumably in light of certain practical difficulties. With effect from 5 January 2018, the three outstanding provisions, ie s2, 11 and 13(b) of the Maintenance Amendment Act, have become effective.
Section 2 of the Maintenance Amendment Act amends s7 of the Maintenance Act, No 99 of 1998, which deals with the investigation of maintenance complaints. The new provision sets out that if a person responsible for maintenance cannot be traced by a maintenance officer and is a customer of an ECSP, the maintenance court may now issue a direction to one or more ECSPs, to furnish the court with the contact information of the responsible person. In addition, the order may only be granted if the court is satisfied that all reasonable efforts have been made by the maintenance officer to locate the defaulter and such efforts have failed.
As is the case in the Cybercrimes Bill, an ECSP may apply for an extension of time, if it can be shown that the information cannot be provided timeously. The service provider may also apply for the cancellation of the direction, if it can be proven that no service is provided to the person in question, or if the requested information is not available in its records.
The cost implications to obtain the information from a service provider may be funded by the State if it is found that the complainant cannot afford to do so. The court may also order the person affected by the order (the defaulter), to refund the State, if it has paid the costs for the furnishing of information.
While this amendment may assist in tracing defaulters who often do everything in their power to evade their maintenance obligations, it adds a further obligation on service providers to comply with information and interception directives – an increasingly complex area of network compliance.