On 2 December 2020, South African Parliament passed the Cybercrimes Bill ("Bill"), which will be submitted to the South African President for assent.

The Bill creates many new offences with the majority of these being related to data, messages, computers, and networks involving hacking, the unlawful interception of data, ransomware attacks, cyber forgery and uttering, and cyber extortion. The Bill also grants law enforcement extensive powers to investigate, search, access and seize various articles, such as computers, databases or networks.

The Bill further imposes a duty to report certain offences on the part of electronic communications service providers and financial institutions within 72 hours. Failure to make the required report could lead to a fine of a maximum of ZAR50 000 on conviction.

Importantly, the Bill contains a section criminalising certain "malicious communications". These are data messages which, among others:

  • incite damage to property or violence;
  • threaten persons with damage to property or violence; or
  • discloses an intimate image.

Any person who contravenes the above provisions can be liable on conviction to a fine or to imprisonment for a period not exceeding three years or to both a fine and imprisonment.

In general, all companies would benefit from understanding the implications and impacts of the Bill, including any changes that may be required in terms of company policies and procedures.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.