Regulatory quagmire awaits SA's IT businesses
This year will present a regulatory quagmire for South African organisations, especially those involved in the information technology space.
Law firm Michalsons has made some predictions on the new legislations that it believes will have the biggest impact on local businesses.
SA has a number of laws that have been in the pipeline for some years and most of these regulations will come into play this year.
Michalsons believes that in 2017, data protection compliance will become urgent. This is because of the imminent Protection of Personal Information Act (POPI) - SA's data protection law. The POPI Act was signed by the president on 19 November 2013 and published in the Government Gazette on 26 November 2013. On 10 May 2016, the Portfolio Committee on Justice and Correctional Services shortlisted five candidates for the office of Information Regulator.
In October last year, a government statement confirmed the appointment of Pansy Tlakula as full-time member and chairperson of the Information Regulator.
According to Michalsons, the general data protection regulation grace period enters its second and final year, and the law firm expects POPI to commence by 24 May 2017 with a one-year grace period.
"This will mean that by 24 May 2018, you must comply with these privacy and data protection laws, whichever applies to you," says John Giles, a legal advisor at Michalsons. "There is no time to lose and much of the hard work needs to be done in 2017, especially the implementation action items."
He urges organisations to pay attention to outliers in different jurisdictions that could cause them problems or have additional data protection requirements.
Wayne Clarke, MD of Metrofile Records Management, points out that realistically, South African businesses should already have started their POPI implementation processes, in order to ensure compliance by the cut-off date.
"Converting any company's records and information systems to reach a state of compliance is a long and expensive process, which is why organisations realistically require a multi-year time frame. That said, it is not impossible for a company to reach a state of compliance within 12 months," says Clarke.
Drone, robot law
According to Michalsons, as more and more people buy and use drones and robots, drone law and robot law will grow in significance.
Regulations for drones, also known as remotely piloted aircraft or unmanned aerial vehicles, were put in place by the South African Civil Aviation Authority in July 2015. The local industry has since lamented that the regulations are comprehensive but limiting.
"Many people will find these laws difficult to comply with and, therefore, there will be much unlawful flying of drones," says Michalsons.
It also believes access to, or freedom of, information will be another bone to chew in 2017. "Who has access to what information when will continue to be at the heart of many disputes," the law firm says.
It points out that in today's information society, information empowers and those who are denied access to information will be disempowered and will be excluded from economic opportunities. "If you are focusing on privacy compliance, you also have to focus on access to information compliance because they are two sides of the same coin," Giles says.
Michalsons also predicts there is a good chance organisations will be the targets of cyber crime, cyber attacks or suffer a massive incident of data, or intellectual property, fraud or theft this year.
"Dealing with the fallout, including legal aspects, will take months to contain. You need to prepare in advance so that you are best placed to take action when the incident occurs and time is of the essence."
Copyright amendments will also exacerbate the challenges, the law firm notes. It is of the view that technology is shaping many different areas of law and this requires law reform. Many copyright laws are old and outdated and are currently being amended, says Michalsons. "There will be major changes to existing copyright laws this year, which will have an impact on your intellectual property."
Giles says managing the legal aspects of technology disruption is something South African organisations must also attend to.
He believes technology will continue to disrupt all industries and organisations, and raise many interesting and difficult legal questions.
"For example, business will push to use electronic signatures rather than hand-written signatures. Knowing electronic signature law is vital to achieve this. Imagine having thousands of documents signed with an electronic signature only to find out that they are not legally enforceable."
The law firm also notes that in 2017, stakeholders will demand that governing bodies apply good governance, especially IT governance, risk and compliance for organisations that are dependent on information technology.
For example, it explains, citizens will demand that government and other public bodies follow laws and codes that set out the responsibilities of the governing body. So too will shareholders demand that boards apply the King Report and Code, it notes.
It also points out that as the use of the cloud increases so do the related disputes and legal issues. Ensuring companies comply with applicable regulatory requirements in multiple jurisdictions across Africa and the rest of the world becomes very important, it adds. "Governments in many countries will try to get access to data held in the cloud. The term cloud compliance, together with cyber security, will be mentioned often in boardrooms."
Michalsons believes 2017 will see plain legal language becoming the norm. It argues that for years, lawyers have drafted in legalese with a few exceptional documents being in plain legal language. However, it says people were resistant to plain language. In 2017, plain legal language is the norm and people expect all legal documents to be plain, it concludes.