This is an executive summary of the most important business implications of the proposed e-Bill with recommendations for effective and seamless compliance.
Like many other countries, South Africa will soon have legislation governing e-commerce. Following a consultative process from 1999, Government will introduce the Electronic Communications & Transactions Bill (the e-Bill) during the 2002 session of Parliament. Although this legislation will remove many existing barriers to e-commerce, it will also introduce new challenges and risks for businesses - whether your business uses only e-mail or buys and sells goods and services over the Internet or a corporate intranet.
As part of the e-Bill, Government is obliged to develop a national e-strategy, consisting of a five-year action plan to stimulate and promote the use of the Internet and e-commerce.
What follows is a summary of the e-Bill with explanations of the implications and recommendations for your response.
Scope of the e-Bill and recommendations
Amongst others, the stated purpose of the e-Bill is to:
1. Promote understanding, acceptance and growth of e-commerce in SA;
2. Promote legal certainty in respect to e-transactions;
3. Ensure that e-commerce in SA conforms to international best practice;
4. Develop a safe, secure and effective environment for consumers and businesses to use e-commerce; and
5. Encourage investment in e-commerce.
The e-Bill is essentially divided into the following parts:
1. Legal requirements for data messages;
2. Communication of data messages;
3. Registration of cryptography providers;
4. Authentication service providers;
5. Consumer protection;
6. Protection of personal information;
7. Protection of critical databases;
9. domain name authority;
10. cyber inspectors; and
11. cyber crime.
The more important sections are detailed hereunder:
The e-Bill states that:
* All e-mail, Internet and other electronic messages are given legal status;
* All documents and agreements that had to be, by statute, in writing, signed, retained or in original format may now be in electronic format eg an agreement for the sale of land had to be 'in writing and signed by the parties' - this may now be concluded online and electronically. The enormous implications of this are self evident;
* Electronic documents may be submitted as evidence in courts;
* Electronic signatures are given legal recognition and the same legal status as ink-on-paper signatures;
* Legal agreements may be concluded online and electronically;
* e-mail is presumed to have been sent 'when it enters an information system outside the control of the originator' or 'when it becomes capable of being retrieved by the addressee'. This section also deals with the presumptions that shall apply to the receipt of an e-mail message;
* The sending of an e-mail shall be deemed to have come from the sender if:
1) It was send by the sender,
2) Sent by a person who had authority to do so from the sender and
3) Sent by an information system programmed by the sender or his/her company;
* Acknowledgement of receipt of an e-mail is not a requirement for a legal contract to come into place;
* Agreements concluded with electronic agents, such as websites, are given legal effect;
* Eighteen specific pieces of information should be supplied to an online consumer by any business selling goods or services over the Internet;
* There shall be a 'cooling off' period of 14 days for goods and services purchased over the Internet for the consumer to cancel the transaction;
* Spamming (sending of bulk unsolicited e-mail) shall be illegal unless certain requirements are met; and
* Online shops should deliver goods purchased online within a certain time-frame;
* Certain steps should be taken by businesses that collect personal information from Internet or e-mail users. These steps include:
1. Permission from the data subject;
2. Collection of information must be necessary for a lawful purpose;
3. The collector must, in writing, disclose the purpose of collecting the information;
4. The collector may not use the information outside the scope of the stated purpose; and
5. The collector must, for one year longer than the time the information is used for, keep a record of such information and the purpose it was collected for, and;
* Hacking, computer related extortion and forgery are made crimes.
* A quick legal scan of current business practices, agreements, website terms and conditions and disclaimers should highlight areas where amendments should be effected;
* The following legal policies should be in place and customised for your specific online business:
1. IP policy;
2. IT security policy;
3. e-evidence policy;
4. e-communications policy, and
* As some of the more onerous provisions of the e-Bill may be amended between your business and consumers or business partners, it is important to identify these and get the necessary agreements in place;
* If a business is selling goods or services over the Internet, their online terms and conditions must be amended to incorporate the e-Bill's consumer protection requirements. It is also important that the necessary practices be put in place to ensure that online agreements with consumers are:
1. legal and binding and
2. have evidential weight.
* If a business sends unsolicited mail to consumers, it is necessary to include the requirements to do so legally;
* If a business in any manner whatsoever, collects private information(**) from consumers, the necessary agreements, disclaimers and terms and conditions should be in place to avoid legal liability; and
* In-house seminars and workshops with management and staff to drive home the effects of the e-Bill and to enable practice to avoid legal liability.
This e-Bill will change the legal landscape forever and hopefully South Africa will soon be recognised as a country that empowers its citizens to use the Internet and e-commerce in a safe, secure and legally certain environment. Note that the e-Bill is not a public document yet and changes may be effected by parliament once the Bill is enacted. The cabinet accepted the e-Bill in 2001.
(**) Private information includes a person's name, ID number, telephone and fax numbers, e-mail address, street and postal address browsing habits or any other information that is unique to the individual.