During August 2002, the first South African Web Site Compliance Survey painted a bleak picture of non-compliance and general indifference towards the laws and regulations governing websites and the online sale of goods and services in South Africa. Within two years, compliance levels have dropped by more than 30%.
During August and September 2004, Legalsentry and Buys Inc. IT Attorneys conducted the second South African Web Site Compliance Survey.
Legalsentry (www.legalsentry.co.za) is an online and automated website and e-mail compliance tool developed during the first half of 2004 by Swist Group Technologies (www.swistgroup.com) and Buys Inc. (www.buys.co.za). It allows website owners to create terms and conditions and e-mail legal notices by submitting the required information to the Legalsentry website - these documents are then automatically converted to encrypted PDF format, hosted on the Internet and implemented in accordance with the governing laws. Slideshows explaining how Legalsentry works may be downloaded from: http://www.legalsentry.co.za/downloads.shtml
Unlike the 607 websites randomly surveyed in 2002, more than 1500 websites were examined during the 2004 survey - also randomly selected from the Proudly South African membership list (http://www.proudlysa.co.za/members/index.asp).
"Website compliance does not require much ... proper website terms that address the correct issues and implemented correctly should do the trick for most websites," says Reinhardt Buys, editor of the Cyberlaw@SA textbooks and managing director of Buys Inc. Notwithstanding the Proudly South African membership commitment to high standards, only 1,03% of its members' websites are fully compliant (95+ rating). In 2002 the full compliance rate was a mere 0,16%.
"You can hardly claim to be Proudly South African if your business' website shows little or no regard for the South African law," says Buys.
"Low compliance levels seem to be an international trend," says Gerrit van Gaalen of Buys Inc's Johannesburg offices, "in terms of a survey conducted by The Strategy Group during May 2004, only 25% of websites in the United States proved to be compliant, while more than half of the respondents admitted that they were not in compliance."
The most shocking finding of the 2004 results is that 81% of the websites surveyed do not have any legal notices at all - up from 47,3% in 2002.
"Unfortunately the legal notices used by most sites either fail to address the required issues or are invalid because of implementation in breach of section 11(3) of the Electronic Communications and Transactions (ECT) Act 25 of 2002," says Buys.
The number of websites with terms and conditions available as hyperlinks from the home pages decreased from 7,1% in 2002 to 6%. The use of privacy policies followed the same pattern, down from 15% to 8% in 2004. Apart from the slight increase in the number of fully compliant websites, the only good news from the 2004 survey results is that the number of websites with liability disclaimers increased from 3,8% to 8%.
In 2002 26% of website operators claimed that they did not know what to do to become compliant. This figure increased by 5% to 31%. In the US the figure is 38%. A high rate of 32% of US respondents stated that they do not consider website compliance an important issue.
What seems to contradict the overall decrease in 2004 compliance levels is the fact that 43% of website operators indicated that they understand the risks and liabilities associated with non-compliance - up from 27% in 2002.
Risks of liability
"The fact that we have not seen high profile cases resulting from non-compliance in South Africa is probably to blame for the assumption that nothing happens to those website owners," explains Van Gaalen. "Non-compliance invites a whole range of risks and legal liabilities such as civil liability, criminal fines, copyright infringement, trademark abuse, repudiation of contracts and even investigations by the Consumer Affairs Committee."
In the US more than 70% of the respondents appreciated the serious consequences of non-compliance.
"Although instances of website liability occur mostly in the US and Europe, there has been a steady increase in local examples," says Buys. "During March 2003, a defamatory statement posted to the website of Kick-Off magazine ended in the High Court. A month later the Department of Health investigated an illegal online pharmacy in Table View and in June of the same year, the Gauteng Metro Police attempted to close down a website that warned motorists of speed traps around Johannesburg."
"Most website operators fail to comply with the onerous provisions of chapter 7 of the ECT Act and fail to address the important issues provided for in Part II of Chapter III, not realising that such failure exposes the website to significant risk and liability. Notwithstanding the ban on advertising online casinos in most provinces, many South African websites and portals continue to do so."
The number of websites that adequately address the provisions of chapter 3 and chapter 7 of the ECT Act decreased from 5,06% to 3,22% in 2004. Section 11(3) clearly states that legal notices available through hyperlinks are invalid if not positioned correctly and if not either printable or saveable by Web visitors.
Simple legal document creation
"Legalsentry allows businesses to create, implement, use and update the various legal documents and notices required for legal compliance," says Buys, "the technology was developed to ensure compliance with South African laws at R725,00 per month."
Van Gaalen adds, "Legalsentry also ensures e-mail compliance and automatically includes the required e-mail legal notice to the top of all e-mail messages sent from an organisation."
A very high 87% of respondents claimed that their websites are not compliant because the legal fees required for compliance are too high and beyond the reach of SMEs. In 2002 the figure was 66,3%.
"The fact that legal fees charged for website compliance generally exceed the costs incurred to set up the website excludes most small and medium-sized businesses from the specialised legal assistance required. Legalsentry was developed as a DIY tool to address the high costs of website and e-mail compliance and the fact that most businesses implement compliance solutions in breach of section 11(3) of the ECT Act," explains Van Gaalen.
87% of the 2004 respondents said that they would use DIY compliance tools if affordable. This figure is down 7% from the 2002 results.
High legal fees and little understanding of legal requirements are not the only issues hampering compliance. According to Dr Larry Ponemon of the Ponemon Institute, "Web compliance in many organisations is a fragmented responsibility, sometimes in the hands of privacy officers, brand managers, lawyers, webmasters, internet service providers and other agencies."
Notwithstanding the clear requirements of section 11(3) of the ECT Act, only 9,3% of the websites surveyed positioned their legal notices correctly and only 10,1% have legal notices that are either printable or saveable.
"I am not surprised by the low level of compliance," says Ant Brooks, the regulatory head of the Internet Service Providers Association (ISPA). "Unfortunately, little thought seems to be given to the practicality of implementing those laws and requirements. The result is that the legislation does not achieve the goals it sets out to achieve, and instead simply creates a sector populated by unwitting criminals. To me, this suggests that Government needs to review the steadily increasing bureaucratic overhead being placed on the ICT sector and find ways to reduce that burden, particularly on SMEs."
Of all 1550 websites surveyed, the Telkom website (www.telkom.co.za) was the only one to score a full 100% compliance rate. The US website compliance survey conducted by The Strategy Group found that website security (91%) and privacy (86%) are considered the most important website compliance issues.
Corporate IT departments are seen as the most important website compliance stakeholders (42%). Only 19% of the US respondents stated that a CIO is the most important stakeholder.
The view of eStrategy, particularly when it comes to e-Law issues, is that there will always be debate around the degree to which one defines compliance (narrowly or broadly), and that the overall intent of compliance is one of mitigating risk, in its myriad guises. An educated approach to compliance might even hint at the extent to which e-law compliance itself can constitute adherence to business best practice.
Whilst there is clearly some disagreement amongst the e-law fraternity on what does and what does not constitute legal compliance, eStrategy will continue to highlight these opinions, and leave it to you, the reader, to ask the hard questions of your suppliers and service providers. Clearly business does not want to 'innocently take up legal obligations that it does not need', but then again it also cannot profess ignorance at its legal obligations in this rapidly changing world.