The lowdown on the cyber security Bill
The Cyber Crimes and Cyber Security Bill (cyber security Bill) is necessary for the security of the country but would have to be revised.
So said John Giles, managing attorney at Michalsons, speaking at the ITWeb Governance, Risk and Compliance Summit in Johannesburg today.
The Bill is a new draft law that was published for comment on 28 August 2015.
Although the Bill's aim is to stop cyber crime and improve the security of SA's Internet users, in its current form it gives the government too much power, said Giles.
He said the Bill was needed to protect the country against cyber criminal activities from other nation states, as well as hackers, but in its current state would cause more harm.
The legislation will create many new offences - about 50 - some related to data, messages, computers and networks, said Giles.
The Bill has negative implications for free speech, freedom of the media, IT professionals and any companies whose IT infrastructure the national security agency declares 'critical'.
The penalties of committing an offence range from one year to 25 years' imprisonment or a fine of R1 million to R25 million, he added.
Giles said at the moment, SA has too many laws that are too complex and are difficult to comply with.
The Bill is an example of this - it creates disconnect between the constitutional framework and the reality on the ground, he continued.
He argued the law needed to be dramatically simplified. "The language of the Bill is too legalistic, too long (128 pages) and complicated. As a result, no one knows what the Bill is about."
It also overlaps with many existing laws, noted Giles. "There is a balancing act between the Protection of Personal Information Act and the cyber security Bill - the two laws need to be balanced."
Also, the country has no budget and skills to implement the Bill, said Giles. Many countries around the world have cyber crime legislation and it will be advisable for SA to look to the European Union for an example of how to write one, he concluded.