In terms of RICA, all forms of monitoring of communications are unlawful, unless they take place under one of the legally recognised exceptions. This includes monitoring e-mail, websites visited and telephone calls made. Many organisations struggle to determine what processes and procedures they need to put in place in order to be able to rely on the exceptions and hence monitor in a legally compliant manner.
A failure to monitor in a legally compliant manner can expose the managing director or CEO, as “the System Controller”, or any other person he has authorised to act as System Controller (who is responsible for monitoring under the so-called ‘business exception’ in RICA), to imprisonment not exceeding 10 years or a fine not exceeding R2 million.
What is included in the Monitoring Audit
We perform a gap analysis where we:
- Assess the extent to which an organisation is “compliant” with applicable ICT law; and
- Assess the legal risks posed by the use of information and communications technology in organisations.
Where necessary, we recommend solutions which would ensure compliance with South African regulatory requirements and implement best practice where sound business practice, rather than a legal requirement, dictates that risk be managed.