Certain sections of the Cybercrimes Act came into effect on Wednesday, which means it is now a criminal offence to, among other things, send messages on social media that threaten to harm someone or damage their property.
However, the provision that obliges electronic communications service providers and financial institutions (as defined by the Financial Sector Regulation Act) to report cyber offences to the police within 72 hours of becoming aware of them is one of the sections that is not yet in force.
The Act defines “data” as “electronic representations of information in any form” and “data message’’ as “data generated, sent, received or stored by electronic means, where any output of the data is in an intelligible form”.
The Act does not define “cybercrime” but creates a number of offences that are now punishable by a fine or imprisonment of up to 15 years, or both. These offences include:
- Unlawfully accessing a computer system or computer data storage medium, allowing for data to be intercepted or the data or computer system to be interfered with.
- Unlawfully intercepting data – for example acquiring, viewing, capturing or copying any non-public data to make it available to a person other than the lawful owner or holder of the data.
- Unlawfully interfering with a computer program, data program or computer system – for example, through deleting, altering or damaging the program or system.
- Committing cyber fraud, such as unlawfully accessing someone’s personal identity, bank accounts and other information to steal information or money.
- Cyber forgery – for example, unlawfully replicating a digital signature.
- Cyber extortion – for example, threatening to share someone’s sensitive information publicly unless a demand is met, such as paying a ransom.
- Theft of incorporeal property, such as shares in a company.
The Act also criminalises what it calls “malicious communications”. In particular, these are data messages that:
- Incite violence or damage to property;
- Threaten people with violence or damage to property; or
- Contain an intimate image.
The sections of the Cybercrimes Act came into effect from 1 December are:
- Chapter 1: Definitions and interpretation
- Chapter 2: Codifies cybercrimes – all parts except Part VI, which deals with the orders that can be granted to protect complainants from the harmful effect of malicious communications.
- Chapter 3: Jurisdiction relating to cybercrimes
- Chapter 4: Powers to investigate, search, access or seize – all sections except sections 38(1)(d) and (f), 40(3) and (4), and 41 to 44.
- Chapter 7: Evidence can be provided by affidavit
- Chapter 8: Reporting obligations and capacity-building – all sections except section 54, which obliges electronic communications service providers and financial institutions to report offences.
- Chapter 9: General provisions. This chapter includes a schedule of laws that are repealed or amended – all sections except for certain amendments to the Criminal Law (Sexual Offences and Related Matters) Amendment Act of 2007.
Chapters 5 (mutual assistance of foreign states) and 6 (the establishment and powers of the designated Point of Contact) are not yet in force.
Werksmans Attorneys says the Act now gives South Africans the legislative means to protect themselves against criminal activity that previously escaped prosecution. Also, South Africa now joins the rest of the world in having enacted similar legislation to deal with online-based offences.