All forms of monitoring of communications are unlawful in terms of RICA, unless they take place under one of the legally recognised exceptions. This includes monitoring email, websites visited and telephone calls made. Many organisations struggle to determine what processes and procedures they need to put in place in order to be able to rely on the exceptions and hence monitor in a legally compliant manner.
What is the risk of non-compliance?
A failure to monitor in a legally compliant manner can leave the managing director or CEO, as “the System Controller”, or any other person he has authorised to act as System Controller (who is responsible for monitoring under the so-called ‘business exception’ in RICA), liable to imprisonment not exceeding 10 years or a fine not exceeding R2 million.
What is included in the Monitoring Audit?
In the Monitoring Audit, we perform a gap analysis where we:
- assess the extent to which an organisation is “compliant” with applicable monitoring and interception laws, and
- assess the legal risks posed by the use of information and communications technology in organisations.
Where necessary, we recommend solutions which would ensure compliance with South African regulatory requirements and implement best practice where sound business practice, rather than a legal requirement, dictates that risk be managed.