With the increase of cybercrime globally, governments are looking to increase cybersecurity to protect citizens. Up to now, South Africa has not had a clear definition of what constitutes cybercrime, and this has hampered the investigation and prosecution of internet-based criminal activity. President Cyril Ramaphosa has recently signed the Cybercrimes Act into effect and, by doing so, aligned South Africa's cybersecurity laws with that of the rest of the world.
According to the Cybercrimes Act, cybercrime can be defined as unlawful access to a computer, USB or external hard drive, the illegal interception, acquisition or possession of data, unauthorised use of login information or forgery, fraud, or online extortion.
The idea behind the Act is to adequately define cybercrime by assigning penalties to specific categories of crime and regulating the jurisdiction of cybercrime by criminalising the distribution of harmful messages.
The Cybercrimes Act defines data as any electronic representation of information, no matter what form it takes. A few of the offences addressed within the Act encompass hacking, unlawful interception of data, ransomware, cyber forgery or extortion. Penalties can include a fine, jail time of up to 15 years or a combination of the two.
According to the Act, all electronic communications service providers, like internet service providers (ISPs) and financial institutions, are duty-bound to report cyber offences within 72 hours, where possible, or they too could be held liable for fines of up to R50,000.
The signing of the Cybercrimes Act has arrived just in time to align with the Protection of Personal Information Act (POPIA) implementation, which requires the compliance of all companies by the end of June 2021.
POPIA, which aims to offer the right to privacy by protecting the processing of personal information, aims to prevent the loss, damage, destruction, or unauthorised access of personal details and requires that companies take responsibility and act with integrity when it comes to the sharing of customer details.
Both the Cybercrimes Act and POPIA require that any companies with data breaches notify the Information Regulator as quickly as possible. It now recognises the privacy and security of personal information with the same significance as tangible goods.
The Cybercrimes Act means that you should be careful about what messages you post online. Messages that incite violence like bodily harm or damage to property can land you in jail. The same applies to inciting violence against a group of people, whether grouped by race, gender, sex, social origin, or nationality.
Sharing intimate images without consent will also get you prosecuted under the Act, whether real-life or simulated imagery displays nudity or genitalia if it violates the victims' sexual integrity or dignity.
The Act also criminalises the practice of downloading content that has a copyright and requires that ISPs work with the police to investigate or solve cybercrimes. These companies must preserve and hand over any relevant information or hardware to help the South African Police Service and make themselves available to advise.
The Cybercrimes Act gives the Minister of Justice and Constitutional Development the right to create further regulations around information sharing that imply more detailed laws around the detecting, preventing, and investigating of cybersecurity incidents that may come to light over the next few months.
The clear message is that South Africa is making sure they have sufficient measures in place to ensure online safety and security and it is up to us to do our part to help.
Numata Business IT offers a range of cybersecurity services for SMEs and can assist with your business’s every need.