RICA stands for the Regulation of Interception of Communications and Provision of Communication Related Information Act 70 of 2002 and finally came into effect on 30 September 2005. RICA is the piece of South African legislation that governs the interception or monitoring of paper-based and electronic communications.
It has recently been in the headlines because some sections of the RICA only came into effect on 1 July 2009. These sections mean that millions of prepaid mobile customers will need to be registered with the networks. However, despite previous outrage by the mobile operators, it seems to be all systems go. The press release from the Department of Justice and Constitutional Development provides a full explanation.
Click here for a leaflet about registering your cell phone number.
RICA is the piece of legislation in South Africa that governs the interception or monitoring of communications
RICA in a nutshell
The word cloud on the right provides an overview of RICA. Every time communications are monitored and thereafter intercepted there is a potential infringement of the Constitutional right to privacy. RICA deals with the protection of that right and the circumstances under which the right is limited and the infringement permitted. RICA does not prevent an employer from monitoring its employees, but such monitoring must comply with RICA.
RICA states that no person – who is not a party to the communication, who does not have prior written consent or is not acting in the course of business – may intentionally intercept, attempt to intercept, authorize or procure any other person to intercept or attempt to intercept at any place in the Republic any communication in the course of its occurrence or transmission.
RICA provides that all forms of monitoring and interception of communications are unlawful unless the monitoring and interception takes place under one of the recognized exceptions in RICA. There are several exceptions to the general rule on the prohibition on intercepting communications, three of which apply to monitoring in the workplace:
- Party to a communication: Section 4 of the RICA allows a party to a communication to monitor and intercept the communication if he/she is a party to the communication (for example, where the participants in a meeting consent to the meeting being recorded). This exception also applies where the interceptor is acting with the consent of one of the parties to the communication.
- Written Consent: Section 5 allows for interception of any communication under any circumstances – i.e. no special motivation or reason is required for it provided the person whose communication is being intercepted has consented to it in writing prior to such interception.
- Business Purpose Exception: Section 6 contains a so-called “business purpose exception” which involves the interception of “indirect communications in connection with the carrying on of business”. Section 6 authorises any person to intercept indirect communications in the course of carrying out their business by means of which a transaction is concluded in the course of that business, which “otherwise relates to that business” or which “otherwise takes place in the course of the carrying on of that business, in the course of its transmission over a telecommunication system”.
However, to be lawful such interceptions must be made for two specified purposes, and are subject to three provisos.
- The first authorised purpose is to “establish the existence of facts”;
- The second is to “secure” the system, or which is “undertaken as an inherent part of the system”.
- The first proviso is that each interception must be authorised by the system controller;
- The second is that the system concerned is “provided for use wholly or partly in connection with the business concerned”;
- The third is that the system controller must have “made all reasonable efforts to inform in advance a person who intends to use the telecommunications system concerned that indirect communications transmitted by means thereof may be intercepted”, or if the user concerned consents to the interception.
Important note: If section 6 is contravened, the CEO is exposed to imprisonment not exceeding of 10 years or a fine not exceeding R2 million.
Purpose of monitoring policy and compliance documentation
Whilst obtaining written consent to monitoring (under section 5) is the first prize, the company will in all probability not be able to get written consent from all employees. As such it is necessary to be able to create a “safety net” and be able to rely on the section 6 business purpose exception. Relying on section 6 will often entail having to “find the evidence” after the fact in order to demonstrate that the system controller made all reasonable efforts or obtained the express or implied consent of a person to monitor.
The following monitoring compliance documentation assist an organisation to comply with the section 6 business purpose exception.