Legislation dealing with the interception of communications is now in effect after being published in the Government Gazette with the date of operation set at 30 September.
The Regulation of Interception of Communications and Provision of Communications-Related Information Act, number 70 of 2002, and also known as RICA, was passed by Parliament and promulgated on 30 December 2002.
However, its date of coming into effect was suspended until a notice appeared in the Government Gazette. The notice appeared last week. The suspended implementation was to allow for companies to comply with the Public Access to Information Act.
Wim Mostert of attorneys Mostert Opperman Goodburn says this means the Act, with the exception of sections 40 and 62(6), is already law.
In terms of the Act, no one may intercept "direct" (predominantly oral discussions) or "indirect" communications (which includes telephone, cellphone, e-mail, instant messaging and SMS). Offences are punishable by a fine of up to R2 million or imprisonment of up to 10 years.
However, the state can intercept communications after obtaining a court order.
The Act also places the onus on Internet service providers (ISPs) and cellular network providers to make it possible to intercept e-mails and cellphone calls. They will have to install the necessary technology and set up data lines to provincial interception centres at their own cost.
Furthermore, ISPs and cellphone operators will have to retain e-mail and call-related information for specified periods. However, the state can only intercept communications after obtaining a court order.
The sections that are not operational yet deal with cellphone users giving the network operators personal information and become operational from 31 November.
Employee e-mail rules change
Mostert says this Act will dramatically impact the way in which companies manage employee e-mails.
He says that unless an employee`s "written consent" is obtained, e-mail may only be monitored if all the following conditions are met:
(1) The practice of monitoring of e-mails must be authorised by the employer`s CEO or by a person to whom such authority has been delegated.
(2) The monitored e-mail must relate to the business of the employer or must be sent/received by an employee in the course of carrying on the business of the employer.
(3) The purpose of the monitoring must be to monitor or keep record of e-mails to:
(a) Establish the existence of facts;
(b) Investigate or detect unauthorised use of the e-mail system; or
(c) To secure the effective operation of the e-mail system.
(4) "Reasonable efforts" must be used to inform employees and third-parties "in advance" that e-mail may be monitored.
Failure to comply constitutes an offence punishable by a fine of up to R2 million or imprisonment of up to 10 years, he says.
Mostert says it is advisable for all employers to implement and maintain a formal company policy on the monitoring of all communications as soon as possible, including e-mail, phone and mail. Existing policies must be reviewed to ensure compliance with the Act, he says.
He says additional measures should include employee awareness training, amending customer contracts, e-mail disclaimers and automated disclosures where calls are recorded.
Share