The Cybercrimes Act 19 of 2020 (“the Act”) has become law, creating a number of new offences relating to the use of computers, data and the internet. The date of commencement of the Act is yet to be announced.
Offences and penalties
The Act creates offences and imposes penalties for the following:
Malicious and harmful communication is criminalised:
The criminalisation of malicious communication will have a significant impact on individual computer users. Using email, WhatsApp or on any social media platform to send a text message that is inciteful, harmful, threatening or which discloses intimate images of a person without their consent can now result in a fine or imprisonment or both.
A person harmed (the complainant) can lay a charge with the South African Police Services that an offence in terms of the Act has been committed against them. The complainant may also apply to the Magistrates’ Court for a protection order, to prohibit any person to disclose the data message which relates to the charge, pending the finalisation of the criminal proceedings in the prescribed form and manner.
Obligation on electronic service provider and financial institution to report cybercrimes
The Act imposes obligations on electronic service providers and financial institutions who are aware or become aware that its electronic communications service or electronic communication network is involved in the commission of any cybercrime or malicious communication must, not later than 72 hours after becoming aware of the suspected offence, report the offence in the prescribed form and manner to the South African Police Service. Electronic communications services providers or financial institutions who fail to report any cybercrime or malicious communication will be guilty of an offence and liable on conviction for a fine of up to R 50 000.00.
Electronic service providers and financial institutions will have to preserve and provide any information which may be of assistance to the South African Police Service for investigating the office. Electronic service providers and financial institutions will have to acquaint themselves with the Act and create policies that comply with the Act.
The Act applies to both natural persons and juristic persons. Under section 19 of the Act any person who commits an offence under the Act or commits any of the abovementioned cybercrimes is liable on conviction for a fine or imprisonment for a period of up to 15 years or both.
Individual computer users and companies should acquaint themselves with the Act and be mindful and careful on how they deal with communication and data in business and everyday life.