The Cybercrimes Bill has been signed by the president and will now be known as the Cybercrimes Act 19 of 2020 (the Cybercrimes Act). This development is a welcome move in the fight against the ever-increasing rise in online and internet-based crime. Although signed into law, the Cybercrimes Act (or different sections of it) will only come into operation on a date to be announced by the president. It is not clear when such date/s will be announced.
Cybercriminals will (hopefully) feel the ramifications of this new law, which criminalises various types of cybercrimes, including illegally accessing a computer system or intercepting data, cyber fraud, cyber forgery, unlawfully acquiring a password or access code, cyber extortion, and theft of incorporeal (intangible) property. The wide ambit of jurisdiction created by the Cybercrimes Act means that South African courts will have the power to try persons that are not South African citizens, as well as persons that commit crimes in other countries, where this affects a person or business in South Africa.
The National Commissioner of the South African Police Services (SAPS) is required to establish or designate an office within existing structures of the SAPS, to be known as the "designated point of contact". This office will be responsible for assisting with proceedings or investigations into a cybercrime. The SAPS is given extensive search and seizure powers under the Cybercrimes Act, including, in some instances, the power to search and seize without a search warrant.
It is particularly important for electronic communications service providers and financial institutions to familiarise themselves with the reporting and other obligations imposed on them under the Cybercrimes Act. These obligations include, for example, reporting a cybercrime involving their electronic communications service or electronic communications network to the SAPS within 72 hours of becoming aware of it; and providing technical and other assistance to a police official or investigator in carrying out a search and seizure.
Electronic communications service providers and financial institutions will need to have processes and policies in place in order to ensure compliance with the Cybercrimes Act, including in relation to the preservation of data and preservation of evidence in the event that its electronic communications service or electronic communications network is involved in the commission of a cybercrime.
Contact our dedicated team of cybercrime experts to support your business with understanding the Cybercrimes Act and ensuring compliance.