'Practical' Cyber Security Bill must speed up
SA's revised and newly proposed Cyber Crimes and Cyber Security Bill is much better than the 2016 draft, says Lucien Pierce, consultant at the IT audit, risk and cyber lab at BDO South Africa.
In a statement, Pierce says the 2017 draft of the Bill is clearer and in many ways more practical.
Last week, the Department of Justice and Constitutional Development published a revised 2017 draft of the Bill, which will be introduced to Parliament in the next few weeks.
The Bill aims to give SA a co-ordinated approach to cyber security, and puts in place measures to effectively deal with cyber crime and address aspects relating to cyber security.
The department further describes the Bill as a tool to address the current shortcomings in SA law and facilitate the effective prosecution of cyber crimes.
The quicker the Bill is passed into the law, the better, states Pierce.
"It, together with other laws like the Protection of Personal Information Act, will certainly enhance SA's information economy, bringing many benefits to the country."
Pierce notes the new draft might not sit well with some financial institutions, as some clauses in the 2017 draft have been extended to encompass them.
"[Chapter nine of the 2017 draft] is titled 'Obligations of Electronic Communications Service Providers and Financial Institutions'. The 2016 draft also dealt with these obligations under chapter nine, the difference being that the obligations were more onerous and did not apply to financial institutions."
Pierce adds: "The 2016 draft placed obligations on electronic communications service providers to take reasonable steps to inform clients of cyber crime trends, establish procedures for them to report cyber crimes and educate clients on cyber crime counter-measures.
"A further change that is likely to delight both electronic communications service providers and financial institutions, is that the maximum fine that may be levied for contravening this section (ie, failing to timeously report an incident and failing to preserve information) is capped at R50 000. The 2016 draft would have resulted in a fine of R10 000 per day from the time you became aware of an incident to the time you reported it."
To read the latest version of the Cyber Crimes and Cyber Security Bill, click here.