On 3 July 2017, the Portfolio Committee on Justice and Correctional Services called for comments on the latest draft of the Cybercrimes and Cybersecurity Bill [B6 – 2017] (Bill) published in March 2017. As mentioned in a previous alert, written submissions on the Bill were initially due by no later than 28 July  2017. However, the deadline for submissions has been extended to 10 August 2017.

This Bill is important. It aims to create a uniform framework for the detection, combatting and prosecution of cybercrime and the promotion of a cybersecurity culture in South Africa. While the Electronic Communications and Transactions Act, No 25 of 2002 contains certain provisions addressing aspects of cybercrime, and the current legislative framework to address conduct related to such crimes is made up of multiple provisions in various laws, there is currently no single law with cybercrime as its specific focus. There is also currently no organised inter-governmental approach in South Africa to deal with cybercrime and cybersecurity. Once enacted, the Bill aims to address these issues, create various structures to combat cybercrimes, and develop the capacity and resources necessary to create a cybersecurity culture. This goal is in line with a regional and global movement towards addressing this worldwide endemic.

This Bill will affect companies and individuals for the following reasons:

  • It creates new crimes.
  • It extends jurisdiction.
  • It proposes new rules for the collection, preservation and use of evidence.
  • It gives new far-reaching powers to police and law enforcement officials in the investigation and prosecution of cybercrime.
  • It allows certain organisations to be declared Critical Information Infrastructure and proposes standards for compliance and future audits.

Electronic communications service providers, Telco’s, banks and financial institutions, in particular, should be cognisant of the new responsibilities and requirements that will be placed on them to assist law enforcement with the investigation of cybercrimes, should the Bill be enacted in its current form. In this regard, the Bill also requires significant alignment with the Regulation of Interception of Communications and Provision of Communication-Related Information Act, No 70 of 2002 (RICA) and the Protection of Personal Information Act, No 4 of 2013 (POPI).