The Cybercrimes Act was signed by the President, who turned the Act into law. This article will focus on the overview of the Act and some implications involved, and who is affected.
What is a Cybercrimes Act
With cybercrime increasing, the Cybercrime Act intends to keep people safe from terrorists, criminals, and other states. The Act also aims to consolidate cybercrime laws into one place, and it seeks to prevent cybercrime which further improves the country’s security. Under Chapter 2 of the Act, the activities that are enforceable and would constitute cybercrimes include the following:
- unlawful access or interception of data and interference with a computer program or data, which also includes hacking;
- illegal acts that relate to software or hardware, for example, ransomware. These include any unlawful interference with a computer system or computer data storage medium; and
- unlawful possession, acquisition, provision, receipt or using password access code or device or similar data;
- cyber forgery, cyber fraud and cyber extortion;
- theft of incorporeal; and
- malicious data message communications, including messages that threaten or incite violence or damage property, and messages that are intimate in nature. Part of VI of Chapter 2 also grants protection orders for any types of malicious communications which may not be included in the proclamation and is yet to commence.
The Cybercrimes Act also recognises certain cybercrimes, such as aggravated offences mentioned in section 11. Aggravated offences are where a ‘restricted computer system’ is accessed and used unlawfully. This is also where the computer program, computer data storage medium, computer system or data is under the control of, or is used exclusively by, an organ of the state or a financial institution (e.g. insurer or licensed bank) and is protected against unauthorised access or use by the security measures.
The penalties for these offence consists of a fine, imprisonment, or in some instances, both. The Act does not necessarily specify how much the fine will be; however, the penalty should not exceed R50 000.
Who is Affected by The Cybercrimes Act in South Africa
The Cybercrime Act covers stealing and sharing passwords or access codes that you use on digital devices and computers. In basic terms, cybercrimes include someone stealing your information or using this information for nefarious purposes. This includes identity theft, where a scammer will pose as you to gain access to things like your mobile accounts and your bank. Cyber forgery, extortion, and the theft of incorporeal property are also included in the Act, which means that victims of cybercrimes will have better protection.
The Cybercrimes Act will affect all organisations and individuals, and the effects will be significant and negative in some instances. The Act will impact all people who use a computer or process data. Organisations, individuals, banks and parents will likely commit offences daily and people involved with IT or data protection regulatory compliance. These include all Electronic Communications Service Providers (ECSPs), representatives from various government departments, financial institutions, cybercriminals and terrorists, the police service and information security experts.
The Act includes malicious communications, which are broad and could cover simple things like a WhatsApp message. The Act also covers any posts on your Facebook profile or a Telegram message. Any messages sent on social media platforms that might incite or damage property or threaten someone and messages that include an intimate image of someone without their consent are included in The Act. That is why you must share appropriate things and not hurt anyone. If you were convicted of malicious communications-related crimes, you could receive a fine or a prison sentence of three years.
The Cybercrime Act also imposes an obligation on all ECSPS and financial institutions to report any cyber offences within 72 hours when they notice them. They also have the responsibility to preserve information that may assist in investigating cybercrimes, and they have to work with law enforcement where applicable when they are investigating cybercrimes. This may mean that they have to hand over data and hardware in some instances. If financial institutions and ECSPs fail to report cyber offences within 72 hours of becoming aware of them, they may be liable to a fine of up to R50 000.
In the Act, the South African Police Services have the authority to investigate, access, search and seize, and co-operate with foreign states when investigating cybercrimes. The Act also stipulates that the National Director of Public Prosecution has to compile a report on the number and the results of the prosecutions for cybercrimes for the National Prosecuting Authority. As part of the Act, South African courts have jurisdiction to adjudicate over acts or alleged omissions to constitute an offence that affects a person in South Africa, even when the defined cybercrime is committed outside of South Africa.
The Cybercrimes Act is beneficial for reducing cybercrime offences and protecting the victims of cybercrimes. However, we must take precautions when sharing content online and on social media platforms.