Information Technology & Cyber Law
Business & Legal Documents
a) the consumer must return the performance of the supplier or, where applicable cease using the services performed; and
b) the supplier must refund all payments made by the consumer minus the direct cost of returning the goods.
Section 43 (5) states that the supplier must utilise a payment system that is sufficiently secure with reference to accepted technological standards at the time of the transaction and the type of transaction concerned.
In terms of section 43 (6) the supplier is liable for any damage suffered by a consumer due to a failure by the supplier to comply with subsection (5).
ECTA does not however deal with labour issues such as privacy of e-mails sent and received by an employee. This topic is dealt with by the controversial Regulation of Interception of Communications and Provision of Communication-Related Information Act No. 70 of 2002 (RICA), which came into operation in September 2005, and which states that on pain of a maximum fine of R2 million or imprisonment of a maximum period for 10 years, an electronic communication cannot be intercepted except in the following three circumstances: –
1. A party to the communication has consented to the other intercepting it;
2. The interceptor is a party to the communication;
3. A court order.
However, Section 6 of RICA provides that any person (including an employer) may in the course of carrying on any business intercept any indirect communication relating to that business if:
1. The interception is effected with the consent of the system controller; and
2. The telecommunication system concerned is provided for use in connection with that business; and
3. The system controller has made reasonable efforts to inform in advance the person concerned, that indirect communications may be intercepted with the express or implied consent of that person.
The interception may be made only for the purposes of:
1. Keeping a record for investigation of the unauthorised use of the system or to establish existing facts; or for
2. Monitoring indirect communications made to a confidential support service.
(Form 8.1 deals inter alia (amongst other things) with the interception of e-mails for employees and abuse by them of the internet.)
Section 51 of ECTA deals with the collection and dissemination of personal information of a data subject and provides that such information can only be collected with the written permission of the data subject. The data controller, i.e. the person or entity that electronically requests or collates the personal information must subscribe to all of the principles outlined in Section 51 if the parties enter into such an agreement. The rights and obligations of the parties are governed by the agreement entered into between them. However, Section 50 states it is not obligatory for the parties to have such an agreement. It follows that the provisions of Section 51 are not compulsory upon website operators. They are therefore of limited value. Whilst privacy rights of Europeans are protected in the EU Data Protection Directive and the privacy rights of the British by the Data Protection Act in the UK, the USA favours self-regulation of privacy rights in the Internet industry.
It is prudent that a website informs site visitors that it uses a cookie which is a potential invader of the privacy of a visitor to a website. A cookie is a computer storage data programme which enables a website server to record a visitor’s activities from the visitor’s computer hard drive. The information in the cookie is then available to the website server and is used by it to analyse the viewing habits of the visitor. The cookie facilitates interaction between the visitor and the server. It does not scan the visitor’s hard drive and extract such information as credit card details or passwords.
Rather it obtains such information as the visitor’s internet protocol (IP) address i.e. the website numerical address, his operating system, web pages visited on the site, length of visit, the expiry date of the cookie, the date when it was created and the visitor’s browsing habits. There are two types of cookies: Memory cookies and persistent cookies. The memory cookie exists only in the internet user’s computer memory and disappears when the user closes his web browser. The persistent cookie has an expiration date and is stored by the website server in the internet user’s hard disk without the latter’s consent until that date. Unless the website server links the visitor’s details with personal identifiable information, it is considered that monitoring website activity is not a violation of the visitor’s right to privacy, or at the most, not a serious violation. The website server will also fall foul of the unfair Business Practices Act 71 of 1988 if it uses persistent cookies to compile user preferences and combines such information with personal identifiable information such as a postal address or e-mail address without the visitor’s consent.
It is a growing trend for website owners to post privacy policies on their websites, stating what kind of information will be collected and how it will be used e.g. non-disclosure of personal information to third parties. It is important to display the policy at the beginning of the website to ensure the visitor sees it and reads it and to ensure compliance with Section 6 of RICA.
In the European Union the Directive on Privacy and Electronic Communications came into force on 31 July 2002. With regard to cookies it provides that cookies be used by website operators provided that:
1. The internet user is provided with clear and comprehensive information about the purpose for which the cookie will be used; and
2. The internet user is given the opportunity to refuse the acceptance of a cookie.
In any event, Section 14 of the Constitution of South Africa states that “Everyone has the right to privacy, which includes the right not to have … (d) the privacy of their communications infringed”. Consumer protection is dealt with in Chapter 7 of ECTA but it does not extend to privacy protection. Internet users place a high premium on their online privacy.
Where persistent cookies are employed it is suggested that a privacy policy be displayed on the website operator’s home page.
From the viewpoint of the visitor, the following methods of self-help measures against the infiltration of cookies are available: –
1. Click on the opt-out option (if any) provided by the website operator;
2. Adjusting the computer to reject cookies, if possible;
3. Installing anti-cookie software;
4. Adjusting the hard drive files.
(Form 8.2 sets out a privacy policy dealing with cookies for display on the website.)
Spamming is defined as unsolicited bulk and/or commercial electronic communications. Even a single unsolicited commercial communication is regarded as spam. In terms of the Electronic Communications and Transactions Act No. 25 of 2002 (ECTA) spam excludes unsolicited telephone calls, post and faxes but includes e-mail and SMS.
In terms of Section 45(1) of ECTA: “Any person who sends unsolicited commercial communications to consumers, must provide the consumer:
a) with the option to cancel his or her subscription to the mailing list of that person; and
b) with the identifying particulars of the source from which that person obtained the
consumer’s personal information, on request of the consumer.”
ECTA therefore does not outlaw spamming but it does provide the consumer with opt-out rights that may be enforced against the sender. The spammer should provide a link from the e-mail message to an opt-out page on the spammer’s website.
A spammer could be liable to a fine or imprisonment for up to 12 months in terms of Section 89(1) of ECTA for failure to provide the recipient with the requested information in terms of Section 45(1). The recipient may initiate civil or criminal proceedings if his/her personal information was obtained through illegal or unconstitutional means..
Products | Category | Price | Action |
---|---|---|---|
8.1 E-mail and Internet Usage Policy for Employees.doc (2 pages) E-mail is fast replacing the telephone. Cyberslacking describes the phenomenon of employees surfing the internet or indulging in social e-mailing. It is important to create a Company Policy of e-mail and other telecommunication system use regarding such aspects as privacy, employer monitoring, offensive e-mail, surfing the internet and security risks. | 08. Information Technology & Cyber Law | (2 credits) | Add to cart |
8.2 Privacy Policy.doc In order to ensure compliance with Section 6 of RICA regarding the use of a persistent cookie, it is advisable to display a privacy policy which should be displayed at the commencement of a website on the home page.? 8 (iii) 2019 Edition | 08. Information Technology & Cyber Law | (2 credits) | Add to cart |
8.3 E-mail Disclaimer.doc This is a confidentiality provision for insertion at the conclusion of e-mails. | 08. Information Technology & Cyber Law | (2 credits) | Add to cart |
8.4 Opt-Out.doc This form is obligatory for unsolicited commercial communications or ?spam? sent via the e-mail and gives the recipient the opportunity to opt-out from future communications. Social pressures and industry regulation have little effect on ?spam?. The main reason is that these rules and guidelines lack enforcement mechanisms. Certain countries have anti-spam bills but not all. In terms of Section 45(1) of ECTA spamming is not outlawed but the consumer is provided with rights enforceable against a spammer. A spammer must provide a recipient with an opt-out option. The Act does not state how this should be done. An opt-out page on a spammer?s website will be sufficient. If the recipient enforces his option and the spamming continues, the spammer is guilty of an offence. In terms of ECTA spamming excludes unsolicited telephone calls, post and faxes but includes e-mails and SMS?s. | 08. Information Technology & Cyber Law | (2 credits) | Add to cart |
8.5 Confidentiality Caution.doc This is a confidentiality caution relating to emails, and requests that the transmitter be notified if the transmission goes to the incorrect address. | 08. Information Technology & Cyber Law | (2 credits) | Add to cart |
8.6 Website Jurisdictional Disclaimer.doc This is for use when a stipulation as to the choice of law or of the court (forum) to hear any dispute may not be enforceable by the country from whence the customer comes. This disclaimer should be clearly displayed and at the top of page 1 of the website. A further disincentive would be to omit quoting prices in the currencies of the excluded jurisdictions. | 08. Information Technology & Cyber Law | (2 credits) | Add to cart |
8.7 Website General Disclaimer.doc Contains a disclaimer against liability against damages from reliance on information on a website. This must be displayed prominently at the beginning of a website. | 08. Information Technology & Cyber Law | (2 credits) | Add to cart |
8.8 Software Licence Agreement.doc This agreement provides for the payment of licence fees to a software provider who retains ownership of the software he provides. The clauses can be used in a more comprehensive agreement or the important general clauses of an agreement (see Form 1.1) could be added to complement this agreement. | 08. Information Technology & Cyber Law | (2 credits) | Add to cart |
8.9 Information Technology Agreement.doc (17 pages)? This is a specimen information technology (IT) back-to-back agreement between
1) a contractor:
a) who designs software systems for telecommunication operators and sells? hardware; and
b) who has already entered into a contract with a telecommunications client that operates in various African countries south of the Sahara (who is not a contracting party to this agreement); and
2) a sub-contractor
a) who specialises in developing the type of software required by the client; and
b) will provide all the necessary hardware for the client.
Certain of the contents of the agreement should be useful for adaption in other IT agreements since each agreement will differ from the next. Due to the complex nature of an IT agreement it is most advisable to consult with an attorney before finalising it. 8 (iv) 2019 Edition | 08. Information Technology & Cyber Law | (2 credits) | Add to cart |
8.10 Website Privacy Policy Certain of the contents of the agreement should be useful for adaption in other IT agreements | 08. Information Technology & Cyber Law | (2 credits) | Add to cart |
8.12 Combined Website Policy (customised goods) Certain of the contents of the agreement should be useful for adaption in other IT agreements | 08. Information Technology & Cyber Law | (2 credits) | Add to cart |
8.13 POPI Checklist Certain of the contents of the agreement should be useful for adaption in other IT agreements | 08. Information Technology & Cyber Law | (2 credits) | Add to cart |