The Cyber Crimes Act 19 of 2020 (the Act) has now been signed into law. However, it has not come into effect. President Cyril Ramaphosa, has yet to confirm the commencement date in the Government Gazette. This Act aims to protect the public and categorises certain actions as criminal offences. Penalties include a fine and imprisonment of up to 15 years or both for guilty parties.
Some of the offences covered by the Act, amongst others, include:
- hacking,
- unlawful interception of data,
- ransomware,
- cyber fraud,
- forgery and uttering,
- extortion.
The unlawful and intentional access of a computer system or computer data storage medium will also be considered as an offence under this new law.
Moreover, Section 54 of the Act imposes certain obligations on organisations where for example, electronic communications service providers and financial institutions must report cyber offences within 72 hours of becoming aware of them.
The above-mentioned section also makes special reference to the relationship between the Act and the Protection of Personal Information Act 4 of 2013 (“POPI Act”). The POPI Act is focused on data privacy.
Balancing security, privacy and personal freedom when swift investigations are needed for cybercrimes may result in legal challenges in the near future as both these Acts come into operation.
It is therefore critical for organisations to consider and implement mechanisms which allow for the fulfilment of the obligations under the aforementioned Acts.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.