South African companies should brace themselves for visits from cyber inspectors, warns Bernard du Plessis, a tax partner from PricewaterhouseCoopers.
He says this is in line with the recently introduced Electronic Communications and Transactions Act, which provides a framework for the regulation of electronic communications and transactions.
Du Plessis says that in terms of the Act, the director-general of the Department of Communications may appoint an employee of the department to act as a cyber inspector, whose duties include the monitoring and inspection of any activities of a Web site or information system in the public domain.
"The legislation, which is aimed at preventing the abuse of information systems, is designed to protect the interests of the public," he says.
"The cyber inspector will report any unlawful activity and may, at any reasonable time, without any prior notice and on the authority of a warrant, enter any premises or access an information system that has bearing on an investigation."
For the purpose of the Act, a Web site means any location on the Internet containing a home page or Web page, while an information system means a system for generating, sending, receiving, storing, displaying or otherwise processing data messages, and includes the Internet.
"Accordingly, any business must provide a cyber inspector with access to data on his information system and Web site, and a search and seizure warrant may be issued where an offence has been committed.
"Refusal to co-operate carries a penalty of a fine or imprisonment for a period not exceeding 12 months," says Du Plessis.
He says this legislation provides assistance to any statutory body with powers of inspection or search and seizure in terms of any law to apply for assistance from a cyber inspector to assist in an investigation.
"The South African Revenue Services (SARS), for example, has the power of inspection or search and seizure. Therefore, SARS may obtain the assistance of a cyber inspector to assist in an investigation of a taxpayer`s affairs.
"However, the cyber inspector`s powers are limited to the monitoring and inspections of Web sites and activities on an information system in the public domain," says Du Plessis. "He therefore would not have the power to inspect the private information systems of companies, except to the extent that it relates to the company`s Web site or information system to which the public has access."
Share