The Cybercrimes Bill is in the process of being enacted. Some people will call it the Cyber Crimes Bill, Cyber Bill, Cybercrime Bill or Cybercrimes Act. What will you call it?
The Cybercrimes Bill is tabled in Parliament and we have studied it so that you don’t have to. We provide you with an overview below. Why is it necessary? Who is affected? What action do you need to take? What does it deal with? We answer these questions in this article.
Why do we need the Cybercrimes Bill?
Many people will be asking – Do we need the Cybercrime Bill? Cybercrime is on the increase and the Cybercrimes Bill aims to keep people safe from criminals, terrorists and other states. It also consolidates cybercrime laws into one place. Essentially, it aims to stop cybercrime and improve the security of the country.
Who is affected by the Cybercrimes Bill?
The practical impact of the Cybercrimes Bill on all organisations and all individuals is significant and unfortunately mostly negative. We thought it had been fixed but it hasn’t. Law enforcement wants to curtail our freedom by making everyday things a crime. It impacts all of us who process data or use a computer. Individuals, parents, journalists, organisations, banks and many others will probably commit many offences daily.
- People involved with IT (or data protection) regulatory compliance.
- All Electronic Communications Service Providers (ECSPs).
- Financial institutions.
- Representatives from various government departments.
- Cybercriminals and terrorists.
- Providers or vendors of software or hardware tools that could be used to commit offences.
- Information security experts.
- Everyone who uses a computer or the internet.
- The Police Service.
Actions for you to take
- Know what is in the Cybercrimes Bill by downloading the latest draft (with changes tracked or accepted) and reading it.
- Raise your awareness of this Bill, have your question asked and see what others are concerned about by attending a Cybercrime Law webinar.
- Assess the risk of your organisation (or its staff) committing a cybercrime by attending a Cybercrime Law workshop.
- Assess the extent to which the Cybercrimes Bill will protect your organisation from cyber criminals by attending a Cybercrime Law workshop.
- Assess the impact that this Bill will have on your organisation by asking us to do an impact assessment for you.
- Identify what action your organisation will need to take to comply with it by asking us to do a gap analysis for you.
- Brief your board on the Cybercrimes Bill and the legal implications for your organisation by asking us to present to them.
- Receive future updates or alerts about the Cybercrimes Bill by subscribing to the Michalsons newsletter.
The timeline on the Cybercrimes Bill
The Cybercrimes Bill was first published on 28 August 2015, updated on 19 January 2017 and was introduced in Parliament on 22 February 2017. The Bill is still sitting at Parliament as there was a strong push by the old regime in government to enact the Bill in its then-current form. There were extensive comments on the Bill during the public participation period in 2017, and particularly on onerous aspects of the Bill. Those comments were considered and incorporated into the Bill the latest version of the Bill that was published in October 2018.
Overview of the latest version of the Cybercrimes Bill
The Cybercrime Bill creates many new offences. Some are related to data, messages, computers, and networks. For example:
- unlawful interception of data,
- cyber forgery and uttering, or
- cyber extortion.
The penalties consist of a fine, imprisonment, or both. How much could you be fined? The Bill no longer specifies this, but if you are convicted of a cybercrime, you could spend between one year to fifteen years in prison, depending on the cybercrime. The Cybercrime Bill gives the courts jurisdiction to try these offences is some cases where there is uncertainty.
The National Director of Public Prosecutions must keep statistics on the number, and results of prosecutions for cybercrimes. These statistics must be included in the NDPP’s report on the NPA.
The Cybercrimes Bill gives the Police Service (and their members and investigators) extensive powers to investigate, search, access and seize just about anything (like a computer, database or network) wherever it might be located, provided they have a search warrant. Foreign states will co-operate to investigate cybercrimes.
To deal with cybercrime, the Minister of Police must establish and maintain:
- a Point of Contact for cyber crimes, and
- the capacity to detect, prevent and investigate cybercrimes.
The Cybercrime Bill helps people to admit evidence of cybercrimes.
ECSPs and financial institutions must:
- report offences to the police no later than 72 hours,
- preserve any information that relates to it.
If an ECSP or a financial institution doesn’t, it is liable on conviction to a fine of R50 000.
This does not mean that ESCPs and financial institutions have to monitor the data they transmit or store on their systems. They also don’t have to actively look for situations that indicate unlawful activity.
The Cybercrime Bill enables the Minister of Justice to make regulations on information sharing. This includes sharing information on cybersecurity incidents, detecting, preventing and investigating cybercrimes.
The President may enter into agreements with other states considering this is a global issue.
Various laws are repealed or amended, most notably Chapter 9 and sections 85, 86, 87, 88 and 90 of the ECT Act.