Cybercrimes Act 2020

Cybercrimes Act

• Came into effect in 2020
• Aims to criminalize cyber-related offences and provide for the investigation, prosecution, and punishment of such offences
• Covers a range of offences, including:
  • Unlawful access to a computer system or data
  • Unlawful interception of data
  • Malicious communications networks
  • Cyberbullying
  • Ransomware attacks
  • Distribution of malware
• Provides for the establishment of a Point of Contact (PoC) to facilitate the reporting of cybercrimes and the sharing of information between countries

Online Privacy

*Protected in terms of the Constitution of South Africa, which guarantees the right to privacy *Regulated by the Protection of Personal Information Act (POPIA), which aims to promote the protection of personal information processed by public and private bodies *Key principles of POPIA include: + Accountability + Processing limitation + Purpose specification + Further processing limitation + Information quality + Openness + Security safeguards + Data subject participation

Internet Governance

• South Africa is a signatory to the African Union Convention on Cybersecurity and Personal Data Protection
• The .za domain is managed by the .za Domain Name Authority (ZADNA)
• The Internet Service Providers' Association (ISPA) is a self-regulatory body that aims to promote the development of the internet in South Africa
• The Film and Publication Board is responsible for regulating online content, including child pornography and hate speech

Electronic Evidence

• The Electronic Communications and Transactions (ECT) Act provides for the admissibility of electronic evidence in court
• Electronic evidence is considered to be as reliable as traditional evidence, as long as it is properly authenticated
• The ECT Act also provides for the legal recognition of electronic signatures and documents

Data Protection

• The Protection of Personal Information Act (POPIA) regulates the processing of personal information
• POPIA applies to all public and private bodies that process personal information
• Key responsibilities of responsible parties under POPIA include:
  • Ensuring the integrity and confidentiality of personal information
  • Implementing appropriate safeguards to protect personal information
  • Providing adequate training to employees on the protection of personal information
  • Ensuring that personal information is processed in accordance with the conditions for lawful processing

Cybercrimes Act

• Came into effect in 2020 to criminalize cyber-related offences and provide for their investigation, prosecution, and punishment
• Covers various offences, including:
  • Unlawful access to computer systems or data
  • Unlawful interception of data
  • Malicious communications networks
  • Cyberbullying
  • Ransomware attacks
  • Distribution of malware
• Establishes a Point of Contact (PoC) for reporting cybercrimes and sharing information between countries

Online Privacy

• Protected by the Constitution of South Africa, guaranteeing the right to privacy
• Regulated by the Protection of Personal Information Act (POPIA), promoting the protection of personal information
• Key POPIA principles:
  • Accountability
  • Processing limitation
  • Purpose specification
  • Further processing limitation
  • Information quality
  • Openness
  • Security safeguards
  • Data subject participation

Internet Governance

• South Africa is a signatory to the African Union Convention on Cybersecurity and Personal Data Protection
• The.za domain is managed by the.za Domain Name Authority (ZADNA)
• The Internet Service Providers' Association (ISPA) promotes the development of the internet in South Africa
• The Film and Publication Board regulates online content, including child pornography and hate speech

Electronic Evidence

• The Electronic Communications and Transactions (ECT) Act makes electronic evidence admissible in court
• Electronic evidence is as reliable as traditional evidence if properly authenticated
• The ECT Act also recognizes electronic signatures and documents legally

Data Protection

• The Protection of Personal Information Act (POPIA) regulates personal information processing
• POPIA applies to all public and private bodies processing personal information
• Responsible parties' key responsibilities under POPIA:
  • Ensuring personal information integrity and confidentiality
  • Implementing safeguards to protect personal information
  • Providing employee training on personal information protection
  • Processing personal information in accordance with lawful processing conditions

Cybercrimes Act

Overview

• The Cybercrimes Act, 2020 aims to combat cybercrime and promote cybersecurity in South Africa.

Provisions

Hacking

• Unauthorised access to a computer system or network is punishable by up to 5 years imprisonment or a fine.

Phishing

• Fraudulent activities involving the use of computers or networks to obtain sensitive information is punishable by up to 5 years imprisonment or a fine.

Malware

• Distributing or making available malware is punishable by up to 5 years imprisonment or a fine.

Ransomware

• Demanding payment in exchange for restoring access to encrypted data is punishable by up to 10 years imprisonment or a fine.

Cyberbullying

• Harassing or intimidating a person using a computer system or network is punishable by up to 5 years imprisonment or a fine.

Data Breaches

• Failure to report a data breach within a reasonable time may result in a fine or imprisonment.

Jurisdiction

• The Act applies to cybercrimes committed in South Africa and those committed outside the country if the perpetrator is a South African citizen or resident.
• The Act also applies to cybercrimes that affect a computer system or network in South Africa, regardless of where the perpetrator is located.

Enforcement

• The South African Police Service (SAPS) is responsible for investigating and prosecuting cybercrimes.
• A Cybercrime Unit will be established within the SAPS to focus on cybercrime investigations.
• The Act provides for international cooperation in the investigation and prosecution of cybercrimes.

Penalties

• Fines of up to R10 million (approximately USD 650,000) or imprisonment for up to 10 years, or both, can be imposed for certain offences.
• Civil liability for damages caused by cybercrimes is also provided in the Act.