The latest draft of the Cybercrimes Bill is better but still concerning for a few reasons. The Department of Justice and Constitutional Development tabled a new version of the Cybercrimes Bill in the Portfolio Committee on Justice and Correctional Services on 23 October 2018. This draft is marked as “Final”  which suggests that we are nearing the end of the legislative cycle and that this Bill will probably be passed by Parliament in a form close to this draft.

The Cybercrimes Bill is necessary to reduce cybercrime

Right from the outset, let us make it clear that we believe this Bill is necessary to fight and reduce cybercrime in South Africa. Cybercrime is at alarming levels in South Africa as many people have been the victims of cybercrime. We urgently need to step up our fight against cybercrime and this Bill will play a significant part in that. We need a law that sets out what the crimes are and then convicts people of these crimes. This will then hopefully lead to a reduction of cybercrime.

How this draft differs from previous versions

The Bill is called the Cybercrimes Bill and not the Cybercrimes and Cybersecurity Bill to make it clear that this Bill is all about cybercrime and not about cybersecurity. Cybersecurity will be dealt with under a different law. We welcome this change and is something we have been asking for. This resolves many issues from the previous Bill.

Other key points related to the new Cybercrimes Bill:

  • The data crimes remain in the Bill and if you access personal data contrary to the conditions in POPIA, you’re guilty of an offence.
  • The crimes related to malicious communications are still in. The section that makes fake news a crime has been removed.
  • The sections dealing with intercepting communications and preserving evidence remain.
  • The obligation on various organisations (like ECSPs and financial institutions) to report cybercrime remains.
  • The structures created to deal with cybercrime are simplified, which is welcomed.
  • The sections dealing with critical information infrastructures (CII) have been removed.

Actions you can take

  • Know what is in the Cybercrimes Bill by downloading the latest draft (with changes tracked or accepted) and reading it.
  • Raise your awareness of this Bill, have your questions asked and see what others are concerned about by attending a Cybercrime Law webinar.
  • Assess the risk of your organisation (or its staff) committing a cybercrime by attending a Cybercrime Law workshop.
  • Assess the extent to which the Cybercrimes Bill will protect your organisation from cyber criminals by attending a Cybercrime Law workshop.
  • Assess the impact that this Bill will have on your organisation by asking us to do an impact assessment for you.
  • Identify what action your organisation will need to take to comply with it by asking us to do a gap analysis for you.
  • Brief your board on the Cybercrimes Bill and the legal implications for your organisation by asking us to present to them.
  • Receive future updates or alerts about the Cybercrimes Bill by subscribing to the Michalsons newsletter.