NEW

What can I do if a photographer posted photos of my children on social media without my permission?

I was recently contacted by a client who had the following problem: Earlier this year she contacted a photographer and asked the photographer to take some photographs of her, her husband and their two small children. They agreed by means of Whatsapp on a price and a...

Data Privacy in Healthcare: Addressing Emerging Challenges and Trends in Africa

Privacy Hub is hosting a seminar on Data Privacy in Healthcare: Addressing Emerging Challenges and Trends in Africa on Saturday, 25th May 2024 at 5pm (South African time). Join Paul Esselaar and various other speakers who will discuss latest trends in managing medical...

Why South Africa’s draft revised material transfer agreement is not fit for purpose

Forcing a square into a circle: why South Africa’s draft revised material transfer agreement is not fit for purpose

PAIA manual

View the PAIA manual HERE 20230626_PAIA_Manual_Esselaar Attorneys_PGE

Paul Esselaar

Paul Esselaar completed his BA, LLB at Rhodes University in Grahamstown in 1997. Thereafter he attended the School for Legal Practice at the University of Cape Town in 2000 and went on to complete his articles at Kessler De Jager Inc. During his articles he focussed...

Web Site Terms and Conditions

The Esselaar Attorneys Web Site is subject to copyright by Esselaar Attorneys or is licenced under copyright from third party owners. You may reproduce any web page - subject to the disclaimer below - for personal use only. Any comments and statements contained within...

Email Disclaimer

This message and any accompanying attachment(s) may contain confidential and copyrighted information. If you are not the addressee(s) indicated in this message or responsible for delivery of the message to the addressee(s), do not copy or deliver this message or the...

Financial Services Laws General Amendment Bill tabled in Parliament

According to the South African Government News Agency (SANews) the Financial Services Laws General Amendment Bill was tabled in Parliament last week. In short, 'the Bill, which was released for public comment in March, addresses urgent issues in eleven financial...

Is the Financial Services Industry pulling wool over consumers’ eyes?

The Financial Services industry is in a state of flux. The Financial Services Laws General Amendment Bill (FSLGAB) was tabled in parliament on 25 September 2012. The aim of the Bill is to ensure that ‘South Africa has a sounder and better regulated financial services...

Credit Law: Section 89(5)(c) of the NCA declared unconstitutional

In the May/June edition of CLR Paul Esselaar wrote about a decision by the Western Cape High Court in which s 89(5)(c) of the National Credit Act was declared unconstitutional for being inconsistent with the right to property in s 25(1). In other words it was found...

NEW

What can I do if a photographer posted photos of my children on social media without my permission?

I was recently contacted by a client who had the following problem: Earlier this year she contacted a photographer and asked the photographer to take some photographs of her, her husband and their two small children. They agreed by means of Whatsapp on a price and a...

Data Privacy in Healthcare: Addressing Emerging Challenges and Trends in Africa

Privacy Hub is hosting a seminar on Data Privacy in Healthcare: Addressing Emerging Challenges and Trends in Africa on Saturday, 25th May 2024 at 5pm (South African time). Join Paul Esselaar and various other speakers who will discuss latest trends in managing medical...

Why South Africa’s draft revised material transfer agreement is not fit for purpose

Forcing a square into a circle: why South Africa’s draft revised material transfer agreement is not fit for purpose

PAIA manual

View the PAIA manual HERE 20230626_PAIA_Manual_Esselaar Attorneys_PGE

Paul Esselaar

Paul Esselaar completed his BA, LLB at Rhodes University in Grahamstown in 1997. Thereafter he attended the School for Legal Practice at the University of Cape Town in 2000 and went on to complete his articles at Kessler De Jager Inc. During his articles he focussed...

Web Site Terms and Conditions

The Esselaar Attorneys Web Site is subject to copyright by Esselaar Attorneys or is licenced under copyright from third party owners. You may reproduce any web page - subject to the disclaimer below - for personal use only. Any comments and statements contained within...

Email Disclaimer

This message and any accompanying attachment(s) may contain confidential and copyrighted information. If you are not the addressee(s) indicated in this message or responsible for delivery of the message to the addressee(s), do not copy or deliver this message or the...

Financial Services Laws General Amendment Bill tabled in Parliament

According to the South African Government News Agency (SANews) the Financial Services Laws General Amendment Bill was tabled in Parliament last week. In short, 'the Bill, which was released for public comment in March, addresses urgent issues in eleven financial...

Is the Financial Services Industry pulling wool over consumers’ eyes?

The Financial Services industry is in a state of flux. The Financial Services Laws General Amendment Bill (FSLGAB) was tabled in parliament on 25 September 2012. The aim of the Bill is to ensure that ‘South Africa has a sounder and better regulated financial services...

Credit Law: Section 89(5)(c) of the NCA declared unconstitutional

In the May/June edition of CLR Paul Esselaar wrote about a decision by the Western Cape High Court in which s 89(5)(c) of the National Credit Act was declared unconstitutional for being inconsistent with the right to property in s 25(1). In other words it was found...

The South African Police Services have recently published their draft Standard Operating Procedures (SOP) which are required in terms of section 26 of the Cybercrimes Act no. 19 of 2020. While we plan to make detailed comments on the SOPs themselves, from a high-level perspective there are a number of important issues that should be borne in mind when reading the SOPs and suggest that the draft SOPs are not fit for purpose: 

SOPs in a Cybercrime Act are unusual

While many police services around the world have standard operating procedures, they tend not to reference them in their Act. While it is possible that other cybercrime legislation around the world does this, we are not aware of any. Why does this matter? The reason this is important is that it lends a degree of formality to the Cybercrime SOPs – not only must they be published in the government gazette, but they are only finalized after there has been a ‘process of public consultations’. In essence, this means that the Cybercrimes Act SOPs cannot fly below the radar. 

SOPs do not only affect the Police

Section 26 of the Cybercrimes Act obliges the South African Police Service to observe the SOPs but it goes a step further and obliges any investigator appointed in terms of the Cybercrimes Act and ‘any person…who is authorized in terms of any other law to investigate any offence…’ to follow the same SOPs. The point here is that there a huge number of other entities created in terms of laws – the Information Regulator, the National Consumer Commission, the National Credit Regulator, the Financial Intelligence Centre etc. – who will be obliged to follow the same SOPs that the Police have just drafted and those SOPs need to be appropriate for those entities as well. 

SABS 27034 seems to be ignored 

It should come as no surprise that digital forensic standards have been around for a while and one of the more recognizable standards for this is ISO 27034 which made its way into the SABS 27034 standard which is a South African digital forensic standard. Curiously no mention of this standard can be found anywhere in the SOP. 

SOPs are not clear

A major concern when it comes to the SOPs is that they are relatively difficult to understand. This is huge problem when you expect a constable with no tertiary education (and certainly not a degree in computer science) would have to interpret and give effect to the SOPs when collecting digital evidence. For instance, a decision tree would be of great assistance to those who are new to digital evidence collection. Consider the following: 

  1. Do you have a written warrant? – yes / no
  2. Do you have enough time to get a warrant? Yes / no
  3. If you do not have enough time to get a warrant then can you get the consent of the person? Yes / no
  4. Did you get the digital evidence (called ‘articles’ in the Cybercrimes Act) during the course of an arrest? Yes / no
  5. If your answer to all the above is ‘no’ then can you objectively say that waiting for a written warrant will frustrate the purpose of the warrant (i.e. if you take too long then there is no point to the written warrant as the evidence will have been deleted / be removed / be altered…)? Yes / no

Etc…

What emerges from the SOPs is that it is clear that no real attempt has been made to use a plain language expert to review the SOPs based primarily on who the audience is. SOPs are not going to be useful if they aren’t understood. 

SOPs is a principles-based policy document 

There are lots of useful tips in the SOPs but the SOP has been drafted as a policy document, not a procedure. Instead of creating a procedure which by its very nature tends to be very binary (right or wrong) the SOPs read like a policy document where the investigator should ‘consider’ factors such as ‘reliability, authenticity, proportionality’ etc (clause 1.8). While there is no problem with creating principle-based legislation – the Protection of Personal Information Act (POPIA) does exactly that – it doesn’t mean that this is a procedure. There should be a clear difference between policy (the principle of reliability), a standard (the SABS 27034 standard) and procedures (do this, do that). 

How did we get here? 

There is a rumour that the original version of the SOPs was more substantive but were watered down after some of the original versions. This may be partly because the SOPs moved out of the Department of Justice and Constitutional Development and into the Department of Police and partly because the police have a very real fear that specific rules on digital forensics are able to be evaluated (and non-compliance with these rules will be clear). Perhaps the police fear that specific SOPs like this will amount to simply another stick that defence attorneys can use to beat the Police services with? Whatever the case the current version of the SOPs feel like an opportunity lost for South Africa to be a thought