The Practical Impact of the Cyber Bill on You

Home/Cyber Crime/The Practical Impact of the Cyber Bill on You

  • View Larger Image

The second draft of the Cyber Bill (also known as theCybercrime Bill) will have a significant impact on many organisations and individuals. Unfortunately,the impact is mostly negative and frankly scary. Correctional services are going to have to build more prisons to lock up everyone who commits a cybercrime. Few people will actually go to jail because we don’t have enough skilled people to enforce these laws, but you better start saving money to pay fines.

ThePOPI Acthas very few but specific crimes, and there was acollective sigh of relief by everyonewhen failing to comply with the POPI Act did not mean that you were committing a crime. The unintended effect of the Cyber Bill is that it essentially criminalises the POPI Act, and makes non-compliance a crime. The Cyber Bill also opens the door for selective prosecution.

Read what the impact is on you below and if it scares you, attend our full-dayCyber Crime and Security Workshop.

For private organisations (like insurance providers, media houses or direct marketers)

  • If you fail toprocess any data(including personal information) in accordance with any law (or without authorisation from someone who can do it lawfully), you could be fined or imprisoned for five years. For example, you’re a criminal if you fail to:retain records for the prescribed period, orcomply with the conditions for lawfully processing any personal information under data protection laws. You’re going to have to be very careful to process all data according to all laws. You are going to have to engage with (and pay) lawyers who know the laws that applyto data or information.
  • If youacquire personal informationunlawfully (for example, contrary to the conditions in the POPI Act), orpossess personal information that someone else acquired unlawfully,you could be fined or imprisoned for 10 years.
  • If law enforcement finds you inpossession of data(like personal information) that they think was acquired unlawfully by anyone, and you cannot explain it,you could be fined or imprisoned for five years. The onus is reversed, which means that you have to prove your innocence.
  • If you do anything with software or hardwaretoolsthat could be used to commit a cybercrime,you could be fined or imprisoned for 10 years. This is like prosecuting someone for murder because they have a hammer in their hand.
  • You are going to have tohelplaw enforcement catch cyber criminals at your cost or else you could be fined or imprisoned for two years.
  • A court can order you topreserve any evidenceat your cost.
  • The Minister of State Security may declare that you have acritical information infrastructure. The Minister can issue directives on the minimum standards (for example, regards how you classify your data, protect it and secure it) that you must comply with. Every two years you will have to appoint an independent auditor to check that you comply, at your own cost, which could run into the tens of millions. State Security may monitor the audit and you must report back to State Security about the audit and provide them with any additional information they request. Your employees must assist the auditor, which will divert your valuable resources away from their day jobs. If you don’t do these things, you could be fined or imprisoned for two years.

For financial institutions (like banks)

  • All of the above, and
  • If you become aware that a crime has been committed, you mustreportthe offence to SAPS andpreserve any evidencein the manner prescribed by the Minister of Police at your cost. If you don’t, you could be fined R50 000.

For ICT companies (like service providers, ISPs, network operators, vendors)

  • All of the above, and
  • If you sell atoolthat could be used to commit a cybercrime, you are probably going to have to shut down that business, because selling such tools is a cybercrime.
  • You are going to have to initiate anextensive compliance programmeto ensure you process data in accordance with the law because your customers are going to look to you if they get into trouble. You might even have warranted in your contract that you will comply with all laws.

For individual users of computers (like your mother or a journalist)

  • If you send amessage(like a skype, tweet, whatsapp, or email) that is harmful (or could incite others to cause damage to property or hurt people), you could be fined or imprisoned for three years. You will have to be very careful of what youwrite in anemail, private messages and social media.
  • If you sharefake newson social media, you could be fined or imprisoned for three years. For example, if you distribute an article saying that parents should not vaccinate their children, you’re a criminal.
  • If you have atool(like an app on your phone that bypasses wifi passwords) that could be used to commit a cybercrime,you could be fined or imprisoned for 10 years.
  • If you share yourpasswordor access code with someone,you could be fined or imprisoned for 10 years. For example, if you share your online banking details and log-ins so someone can access your money, you could be a criminal.
  • If law enforcement finds you inpossession of a passwordthat they think you are going to use to commit a cybercrime and you cannot explain why you have it,you could be fined or imprisoned for five years. The onus is reversed, which means you have to prove your innocence.
  • If you commit an offence (which is easy to do) regards the computer system of afinancial institution or the state, and you will be fined more or imprisoned for longer.
  • Law enforcement has extensive powers tosearch, access and seizeyour data, computer or phone.

For parents (like me)

  • If your child if beingcyber bullied, you will have a better chanceof getting law enforcement to help you stop the bully. On the negative side, if your child is accused of bullying, the consequences could be severe.
  • If someone is distributingnude picturesof your child, you will have a better chance of stopping them. You could even get an interim order preventing others from sharing the pictures online. This is one of the few positive impacts of the Cyber Bill.
  • If you have a teenager in the house who has a computer, you will probably beharbouringa cyber criminal.

For Government, public bodies, or municipalities

  • The information infrastructure of all government bodies iscritical. This means that State Security are going to be telling you how to secure, protect and generally manage yourinformation infrastructure. For example, State Security will be telling Home Affairs how to process their data. If you don’t, you could be fined or imprisoned for two years.
  • Public bodies can only act if thelaw authorisesthem to do so. If the law does not authorise you to process data (including personal information), you could be fined or imprisoned for five years. This will put most public bodies into a state of paralysis for fear of committing a crime.

Forlaw enforcement and the judiciary

  • You are going to have tocomply with lots ofprocedures and rulesto prosecute people. You will have to undergo extensive training and be very careful what you do each day. Your job is going to get a lot harder because you are going to have to enforce this Cyber Bill.
  • You’re also a user, so you might also commit crimes in your personal capacity, and the Cyber Bill’s impact on you would be the same as other individual users.

How does the Cyber Bill impact Lawyers?

They are going to make lots of money – it’s party time.Bad laws (like the Cyber Bill) are good news for lawyers.