The South African Cybercrimes & Cybersecurity Bill, 2017…much better!

The Department of Justice published the Cybercrimes and Cybersecurity Bill, 2017 yesterday. It is, at first glance, much better than the 2016 draft.

The Department of Justice published the Cybercrimes and Cybersecurity Bill, 2017 yesterday. It is, at first glance, much better than the 2016 draft. Some, like financial institutions, may not think so though, because they now have additional obligations.

The 2016 draft had some rather convoluted and onerous provisions. One example was Chapter 6 titled ” Structures to Deal with Cyber Security”. It provided for the creation of no less than 7 cyber security related entities. Chapter 6 alone ran for over 30 pages.

The 2017 draft deals with similar entities at Chapter 10 (in just under 9 pages) but makes better sense in many ways. The way it deals with these entities is clearer and simpler. It does not try to deal with every possible aspect of how they should operate.

A second example of how the 2017 draft simplifies matters is Chapter 9. It is titled “Obligations of Electronic Communications Service Providers and Financial Institutions”. The 2016 draft also dealt with these obligations under Chapter 9, the difference being that the obligations were more onerous and did not apply to financial institutions.

The 2016 draft placed obligations on electronic communications service providers to take reasonable steps to inform clients of cybercrime trends, establish procedures for them to report cybercrimes and educate clients on cybercrime countermeasures. These provisions have, probably to many consumer advocates’ chagrin, been removed.

A further change that is likely to delight both electronic communications service providers and financial institutions, is that the maximum fine that may be levied for contravening this section (i.e. failing to timeously report an incident and failing to preserve information) is capped at R50,000.00. The 2016 draft would have resulted in a fine of R10,000.00 per day from the time you became aware of an incident to the time you reported it.

In general, it certainly looks like the 2017 draft has been better thought through. It is clearer and in many ways more practical.

The quicker the Cybercrimes and Cybersecurity Bill, 2017 is passed into the law, the better. It, together with other laws like the Protection of Personal Information Act, will certainly enhance South Africa’s information economy, bringing many benefits to the country.

Contact me if you would like to know how the Cybercrimes and Cybersecurity Bill, 2017 will affect your organisation.

Filter By

Must Reads

Subscribe to receive our latest articles

Follow Us

Related Posts

Imitation is the greatest form of flattery, but we don’t think so in this case.

We are aware of the phishing email that has been circulated to many people. Although we are not the firm mentioned in the phishing email you may have received, we’ve received several calls because of the similarity to our firm name so, unless you’d like to have a chat about other technology law matters, please don’t call us as we won’t be able to help. 

We know the firm in the phishing email is a genuine law firm, based in Cape Town, and we’ve alerted them to what is likely an impersonation scam.

If you’d like to learn more about phishing, click on the following link (we promise this is a legitimate link ) to watch this entertaining video we did eight years ago.