The advent of the Covid-19 pandemic has meant that we are spending more time than ever using our electronic devices. It’s not surprising that crimes related to cyber-security vulnerability and breaches such as internet fraud, email hacks and having one’s privacy compromised by hackers and other entities have become commonplace.

The problem with our law on such crimes is that it is out of date and we are running to catch up with the new and ingenious ways people have of committing crimes. So, we needed a Cybercrimes Act in order to make sure we can use the law effectively to stop cybercrime.

Such a cybersecurity law needs to protect us on three levels: protecting our personal data, protecting our devices, and protecting the networks we use (the infrastructure that connects us to the internet and other people). Our rights to privacy, our right to freedom of expression and our right to access information must be protected. We should not be denied access to our own data by criminals holding our information hostage, or find our bank accounts emptied of their contents.

On 28 August 2015, the first Cybercrimes and Cybersecurity Bill (2015) was published. The final Cybercrimes Bill (2017) was introduced in Parliament on 22 February 2020 and was required to go through multiple public participation processes for comment, during which extensive changes were made. The president of South Africa, Cyril Ramaphosa, signed the Cybercrimes Act (Act 19 of 2020) on 26 May 2021, and has now signed a Presidential Minute indicating that the commencement date of the Cybercrimes Act will be 1 December 2021. Some sections won’t commence immediately, and it is of concern that they are not operational.

Sections of the act dealing with revenge porn are not yet in operation [Section 11B, 11C, 11D and Section 56A(3)(c)-(e) of the Criminal Law (Sexual Offences and Related matter Amendment Act)]. These sections deal with what the act calls the harmful disclosure of pornography. This is understood to be where someone discloses intimate photographs of another person, often on social media, without that person’s consent, with the intention of causing harm, “including mental, psychological, physical, social or economic harm”.

Sections of the act which deal with issuing of protection orders are also not operational (Part VI of Chapter 2). A complainant who lays a charge with the South African Police Service that such an offence has allegedly been committed against them can apply to a magistrate’s court for a protection order pending the finalisation of the criminal proceedings.

These sections are an important part of the cybercrime framework, and it is concerning that we must wait for their long-overdue implementation.

Stopping cybercrime is of course not only the responsibility of law enforcement and prosecutors. We all have a role to play in combating cybercrimes and need to stay alert for such things as phishing, and keeping our anti-virus software updated.

One way to think of cybercrime is to think of it exactly like a virus, like Covid-19. If we all are vaccinated and stay home if we are infected, we can contain the disease. If many of us do not take these precautions, we are all at risk. DM

Sizwe Snail ka Mtuze is a practising attorney and Adjunct Professor at Nelson Mandela University as well as outgoing member of the Inaugural Information Regulator. Alison Tilley is an attorney and a part-time member of the Information Regulator.