The Cybercrimes Act has a significant impact on many organisations and individuals. Unfortunately, the impact is mostly negative and a bit scary. Correctional services are going to have to build more prisons to lock up everyone who commits a cybercrime. Few people will actually go to jail because we don’t have enough skilled people to enforce these laws, but you better start saving money to pay fines.
The POPI Act has very few but specific crimes, and there was a collective sigh of relief by everyone when failing to comply with the POPI Act did not mean that you were committing a crime. The unintended effect of the Cybercrimes Act is that it essentially criminalises the POPI Act and makes non-compliance a crime. The Cybercrimes Act also opens the door for selective prosecution.
Read what the impact is on you below and if it scares you, receive future updates about the Cybercrimes Act including news about our soon-to-be-launched programme, by subscribing to the Michalsons newsletter. You can also dive into the detail of the Act by reading the web-based version of it.
For private organisations (like insurance providers, media houses or direct marketers)
- If you fail to process any data (including personal information) in accordance with any law (or without authorisation from someone who can do it lawfully), you could be fined or imprisoned for five years. For example, you’re a criminal if you fail to: retain records for the prescribed period or comply with the conditions for lawfully processing any personal information under data protection laws. You’re going to have to be very careful to process all data according to all laws. You are going to have to engage with (and pay) lawyers who know the laws that apply to data or information.
- If you access personal information unlawfully (for example, contrary to the conditions in the POPI Act), or possess personal information that someone else acquired unlawfully, you could be fined or imprisoned for 10 years.
- If law enforcement finds you in possession of data (like personal information) that they think was acquired unlawfully by anyone, and you cannot explain it, you could be fined or imprisoned for five years. The onus is reversed, which means that you have to prove your innocence.
- If you do anything with software or hardware tools that could be used to commit a cybercrime, you could be fined or imprisoned for 10 years. This is like prosecuting someone for murder because they have a hammer in their hand.
- You are going to have to help law enforcement catch cyber criminals at your cost or else you could be fined or imprisoned for two years.
- A court can order you to preserve any evidence at your cost.
For financial institutions (like banks)
- All of the above, and
- If you become aware that a crime has been committed, you must report the offence to SAPS and preserve any evidence in the manner prescribed by the Minister of Police at your cost. If you don’t, you could be fined R50 000.
For ICT companies (like service providers, ISPs, network operators, vendors)
- All of the above, and
- If you sell a tool that could be used to commit a cybercrime, you are probably going to have to shut down that business, because selling such tools is a cybercrime.
- You are going to have to initiate an extensive compliance programme to ensure you process data in accordance with the law because your customers are going to look to you if they get into trouble. You might even have warranted in your contract that you will comply with all laws.
For individual users of computers (like your mother or a journalist)
- If you send a message (like a skype, tweet, whatsapp, or email) that is harmful (or could incite others to cause damage to property or hurt people), you could be fined or imprisoned for three years. You will have to be very careful about what you write in an email, private messages and social media.
- If you have a tool (like an app on your phone that bypasses wifi passwords) that could be used to commit a cybercrime, you could be fined or imprisoned for 10 years.
- If you share your password or access code with someone, you could be fined or imprisoned for 10 years. For example, if you share your online banking details and log-ins so someone can access your money, you could be a criminal.
- If law enforcement finds you in possession of a password that they think you are going to use to commit a cybercrime and you cannot explain why you have it, you could be fined or imprisoned for five years. The onus is reversed, which means you must prove your innocence.
- If you commit an offence (which is easy to do) regards the computer system of a financial institution or the state, and you will be fined more or imprisoned for longer.
- Law enforcement has extensive powers to search, access and seize your data, computer or phone.
For parents (like me)
- If your child is being cyberbullied, you will have a better chance of getting law enforcement to help you stop the bully. On the negative side, if your child is accused of bullying, the consequences could be severe.
- If someone is distributing nude pictures of your child, you will have a better chance of stopping them. You could even get an interim order preventing others from sharing the pictures online. This is one of the few positive impacts of the Cybercrimes Act.
For Government, public bodies, or municipalities
- Public bodies can only act if the law authorises them to do so. If the law does not authorise you to process data (including personal information), you could be fined or imprisoned for five years. This will put most public bodies into a state of paralysis for fear of committing a crime.
For law enforcement and the judiciary
- You are going to have to comply with lots of procedures and rules to prosecute people. You will have to undergo extensive training and be very careful about what you do each day. Your job is going to get a lot harder because you are going to have to enforce this Cybercrimes Act.
- You’re also a user, so you might also commit crimes in your personal capacity, and the Cybercrimes Act’s impact on you would be the same as other individual users.
How does the Cybercrimes Act impact Lawyers?
They are going to make lots of money – it’s party time. Bad laws (like the Cybercrimes Act) are good news for lawyers.
Scared?
If this scares you:
- Ask us to help you determine the impact of cybercrimes on your organisation and the next steps by doing the online Cybercrimes impact assessment, and
- Find more actions you can take related to cybercrime by visiting our main cybercrime law page.