The Cybercrimes Act: Does It Effect Me Professionally?
The cyber world has been compared to the wild west, keyboard cowboys at the ready to pull off the latest data robbery or crypto fraud. While regulating such an industry is tough and getting perpetrators to face a judge even tougher, The Cybercrimes Act aims to make this easier for the good guys.
What is The Cybercrimes Act?
This Act brings forward measures that jump over the current hurdles law enforcement can face when trying to bring criminals to justice. It defines what exactly is consider a crime, a slippery slope previously where it all came down to interpretation and how well you hid your tracks, as well as enabling law enforcement to enter into agreements with foreign states to better their investigations into cyber criminals. It not only imposes obligations to report cybercrime but aims at creating set point of contacts within organisations to report cybercrime too.
What is a Cybercrime?
While most of us would not label ourselves as cyber criminals there might be trivial things that we do in our everyday lives at work that are now classified as infringements on the law.
There are the obvious candidates, involving extortion, forgery, and fraud, we should all know these are not great charges to be facing and we are aware of the actions resulting in these charges look like. However, when diving deeper into the Act, we uncover lesser-known infringements that might be overlooked in your daily work life but could pose profound consequences.
If you quickly use a friend's login to grab some information you need for an article, something you are not authorised to do, you are unlawfully and intentionally gaining access to a computer system and therefore are guilty of unlawful access. Without an exculpatory explanation, you are guilty. In majority of these cases, you are guilty until you can prove your innocence.
You do not have to be the one actively stealing incorporeal property or gaining unlawful access. If you are in possession of information that has been unlawfully obtained and you are aware or should have reasonably suspected so, you are considered as guilty as the original perpetrator.
When a company is a victim of a data breach, gone are the days when you can try sweep it under the carpet and maintain a bit of PR. The Cybercrimes Act requires companies to report the incident to SAPS no later than 72 hours after becoming aware of the breach. Furthermore, once you report it the company is required to cooperate with law enforcement, which may involve handing over data and hardware as well as preserving any potential evidence. Failure to do so will garner a hefty fine.
In order to be guilty, you must have committed a crime, correct? Not according to the cybercrimes act. Inciting violence, damage to property or theft is a punishable offence. In layman’s-terms if you send a data message to a person or group of people that incites violence you can be charged. This includes forwarding a message; you are as liable as the original author.
How much trouble am I in?
The jurisdiction coverage of the act is broad, empowering the victim. So, before you think you can commit a cybercrime and then quickly hop on a plane, let us investigate the details of the court’s juridical power to try you.
You can be tried in a South African court for a breach in The Cyber Crimes Act:
If you are a citizen/ordinary resident of SA
You commit the crime in SA territory
On board a vessel/plane required to be registered in South Africa
If the act committed is against any citizen/company/government of SA
Should your company fail to process data correctly or collect/access data unlawfully you could be facing a fine and up to 5 years in jail. If your company takes a step further and does not comply with law enforcement in handing over all evidence/not preserving evidence the penalties escalate to bigger fines and up to 15 years in prison. As cybercrime is becoming more prevalent, courts are tending towards the harsher side of penalties as they aim to crack down on perpetrators and set examples for the future.
How does this effect everyday life in my business?
This Act adds a layer of consequences we could all now face should we not be continuously aware of our actions. Actions that you have previously viewed as harmless, forwarding a silly message along, could land you in some hot water.
Furthermore, if your company deals with people’s private information you need to ensure you are doing so legally, complying with all the regulations and processes required by the Cybercrimes Act. There are companies that offer these services, which may seem like a grudge purchase but in the long run it is going to save you many headaches.
While you might not be actively waking up every morning trying to break the law, we should all be familiar with the laws this Act brings into play and be aware of our actions that could potentially be violating said laws.
Overall, the Cybercrimes Act empowers law enforcement and yourself as a victim of cybercrime. However, the consequences for the perpetrator, should you find yourself on the wrong side of the law, are much harsher.