Unpacking the regulations governing security for organisations and individuals in 2023
Regulation is playing an increasingly important role in cybersecurity. The Protection of Personal Information Act (POPIA) that came into effect in July 2020, puts clear mandates in place for the security of personal information and data protection. Its cybersecurity expectations, outlined in Section 19, are clearly laid out for every organisation to read, apply and adhere to. In 2022, additional regulations and proposals have been put in place to further drive the cybersecurity agenda, such as the Democratic Alliance (DA) private members’ bill and the Cyber Crime Act.
“In 2021, the President signed the Cybercrimes Bill into law and certain elements of that law came into effect as of 01 December of the same year,” says Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 AFRICA. “It outlines cyber fraud, theft of incorporeal property, harmful messages, unlawful images and incitement of damage as part of its mandate. The goal of this legislation is to give more protection while adding some bite to the government bark.”
The Cybercrimes Act had some elements come into play as of December 2021, but is still in progress with others. However, for the past year, the Act has enforced a number of key areas around cybercrime that are worth unpacking. The sections that have been in play over the last year include Chapters 1-4 and Chapters 7-9. The first four chapters look at the definitions of cybercrime; the different types of cybercrime, such as malicious communications and cybercrimes themselves; the jurisdiction that allows for South African courts to try cybercrimes; and the powers given to the police to search, access and seize anything that may fall under the Act.
The other three chapters, 7-9, look at how cybercrime evidence can be submitted; reporting obligations; and general provisions such as laws and amendments. The remaining sections will be activated as soon as the President announces them, but for now, these eight Chapters should be a key focus for organisations and citizens.
“It is important for companies to unpack how these different Chapters will influence the business, and how you do business, and to put processes in place that will ensure they are aligned,” says Collard. “This can be anything from impact training and assessments that determine the full scope of the Act’s influence, through to security training and awareness to ensure that the culture of the organisation is aligned with the law.”
Another potential shift in the cybercrime landscape is a recent submission by the DA to introduce a private member’s bill entitled the Constitution Eighteenth Amendment Bill, 2022. The goal of this bill is to change the constitution so it provides for the implementation of a Cyber Commissioner – a person dedicated to dealing with, managing and resolving the challenges around cybercrime. The Bill suggests that the public sector is at risk due to underfunding, limited expertise and isolated silos of information and that state departments are vulnerable to cyberattacks.
The Bill seeks to ensure that a Cyber Commissioner be tasked with “supporting and strengthening constitutional democracy in South Africa by advising, monitoring and establishing cybersecurity capabilities in the public sector”.
“It will be very interesting to see how far these Acts and Bills progress and how much impact they will have on cybercrime within the country and on organisations,” concludes Collard. “It is an interesting space right now, and the South Africa cybercrime Act is a step towards proactive engagement with the risks of cybercrime and in ensuring that the citizens of the country are protected as much as possible. We now have to also focus on capacity building to equip enforcement groups. As these regulations and initiatives evolve and mature, they could very well help shape security hygiene and approaches on the continent.”
Since 2009, WhichVoIP.co.za has helped thousands of South African businesses to make better buying decisions for phone systems, VoIP, and connectivity. During this time, we’ve facilitated the connection of 45 000+ users through our network of 500+ telecom providers in our directory.