A member of Parliament in South Africa has proposed a Cyber Commissioner Bill to create a Cyber Commissioner to centralise cyber matters as a specific responsibility within the government. Adv G Breytenbach, a member of Parliament, has proposed the Constitution Twentieth Amendment Bill (Cyber Commissioner Bill) “to amend the Constitution of the Republic of South Africa, 1996, so as to establish the office of the Cyber Commissioner as an institution supporting and strengthening constitutional democracy in the Republic”.

The amendment proposes that the Cyber Commissioner is a Chapter 9 institution directly accountable to Parliament. It will be some time before Parliament enacts the Cyber Commissioner Bill (if it succeeds). Still, the government’s approach is crucially important to the future of South Africa in the information society and economy. This would be a step in the right direction.

It remains to be seen if Parliament will see value in this sponsored bill. Nonetheless, we hope it will spark a debate that results in a far more proactive approach from the government. It may also allow the opportunity to ensure that South Africa is aligned with global developments and does not embark on “frolics of our own”, that typically prove disastrous in this interconnected world.

The Cyber Commissioner could be essential in improving South Africa’s cybersecurity.

It has been reported that the Information Regulator is opposed to the establishment of a Cyber Commissioner. Considering the current vagueness of the proposed amendment this is understandable, but in countries that have more mature cyber regulation the data protection authorities, independent as they are, and cyber regulators supplement one another and work collaboratively. If the intent is to do this, this will strengthen our security posture and the protection of citizens.

It is critical for the government to enhance good regulation (as opposed to bureaucratic intervention) as we rapidly evolve into a new AI world, and it is difficult to see why a Cyber Commissioner working in tandem with the information regulator would not enhance our prospects of achieving this. A question that is often asked is “…can South Africa afford it”? The more appropriate question is “… can South Africa afford not to invest in cybersecurity and regulation?” There is much to do in a domain that has been lamentably neglected by parliament for 30 years.

The functions of the Cyber Commissioner

As currently framed the Cyber Commissioner should promote suitable cybersecurity capabilities for all organs of state and entities dealing with public information. The Cyber Commissioner should assist the police service with the necessary capacity to conduct cyber forensic investigations. It would have a cybersecurity hub for the reporting, monitoring and investigating cybersecurity incidents and threats in the private and public sectors.

The Cyber Commissioner would advise the defence force in establishing and maintaining cyber defence capabilities.

It would advise all institutions responsible for the critical infrastructure of the Republic with regard to cyber security.

The Cyber Commissioner would promote, monitor and evaluate the compliance of all organs of state and other entities about:

  1. cybersecurity capabilities and standards,
  2. national legislation relating to the protection of personal, or public, information and interception of data.

It would make recommendations to Cabinet and Parliament to amend existing legislation, or develop new legislation, aimed at protecting several rights.

  1. Tights to freedom and security of the person contained in section 12.
  2. Privacy rights contained in section 14.
  3. Political rights contained in section 19.
  4. Right to access to information contained in section 32.
  5. Right to just administrative action contained in section 33.

Subject matter experts agree on the need for it

Many subject matter experts have been calling for this for years. Mark Heyink, in addressing the ECT Bill in parliament in 2001, proposed that there should be a centralization of all things cyber in government. That plea has been repeated by him on several occasions subsequently but has been ignored.

Professor Basie von Solms called for a dedicated ‘national cybersecurity director’ in his article called Five things South Africa must do to combat cybercrime. We have collaborated on several occasions in addressing these issues and similar matters (including the Cybercrimes and Security Bill as it was and other draft legislation on Cybersecurity) to provide a multidisciplinary approach to addressing cybersecurity in South Africa.

The action you can take

  • Find out more about the Cyber Commissioner Bill by reading the bill itself.
  • Know more about the Cyber Commissioner by asking Michalsons to help.