By Zinta Strydom – Commercial Director of Riche Attorneys
Choosing where to store your business-critical data is one of the most important decisions your company will make, but you also need to understand the legal requirements. By bringing her global skills to market, our commercial director, Zinta Strydom, is your trusted advisor to empower you to a clear understanding and application of technology, privacy and cybersecurity laws, and equipping you with the necessary advice to protect your intellectual property portfolio. This month we touch on a few aspects:
Understanding E-Signatures
In the digital age, electronic signatures (e-signatures) have become an essential tool for conducting business efficiently and securely. In South Africa, the Electronic Communications and Transactions Act 25 of 2002 (“the Act”) governs the use of e-signatures. This guide aims to help clients understand the types of e-signatures, their legal standing, and best practices for their use. An e-signature is any electronic method that signifies agreement to a contract or document and can include an “I agree” button, so-called clickwrap agreements. There are two types of e-signatures under the Act, namely standard electronic signatures and advanced electronic signatures. Whilst standard electronic signatures are suitable for most transactions where the law does not require a specific type of signature, advanced electronic signatures may be used when the law specifically requires a signature, but does not specify the type. The latter offers enhanced security and verification.
Despite the prevalence of e-signatures, certain documents still require traditional “wet ink” signatures under the Act, such as agreements for the sale of immovable property, long-term leases, wills, etc. In the landmark case of Spring Forest Trading CC v Wilberry 2014, the Supreme Court of Appeal (SCA) considered whether email correspondence could constitute a valid e-signature under the Act. The lessee had cancelled lease agreements via email, and the landlord confirmed the cancellation through email. Later, the landlord denied the cancellation, citing a requirement for written and signed agreement. The court ruled that the email signatures were intended to serve as signatures. The SCA concluded that these email signatures fulfilled the requirements of Section 13(3) of the Act, thereby validating the cancellation.
It is essential to keep thorough records of the e-signing process and any authentication steps taken.
Non-compliance with the Protection of Personal Information Act 2013 (“POPIA”)
POPIA allows the Information Regulator to impose an administrative fine in instances where a responsible party committed an offence in terms of the legislation. Criminal penalties include facing imprisonment for up to 10 years. However, s89 empowers the Information regulator to assess any processing of personal information in compliance with POPIA. A s89 assessment in terms of POPIA is not an investigation based on a complaint or an enforcement notice. Receiving a s89 assessment notice does not mean you’re facing a fine—at least not yet. It’s a compliance assessment on how your organisation processes personal information.
Our commercial director can assist you with privacy by design policies and agreements to ensure your compliance with POPIA or international privacy laws. Understanding the complexed legal landscape of e-signatures and handling data privacy compliance are crucial for modern businesses in South Africa. By staying informed and prepared, you can ensure compliance, enhance efficiency, and maintain the trust of your stakeholders. If you need assistance, feel free to contact us for expert guidance and support.