This document provides an overview of key information technology (ICT) laws that organizations should be aware of and comply with. It notes that boards have a duty under King III to ensure organizational compliance with ICT laws. Several ICT-related acts are mentioned, including the ECT Act, PAI Act, PPI Bill, and RICA. Individuals who need to be aware of applicable ICT laws include the CAE, CRO, legal, CO, and CIO. The document offers to provide more detailed information on specific ICT laws and how to ensure compliance.

1. Be aware of the ICT laws that apply to your organisation John Giles ICT lawyer john@michalsons.com 083 322 2445 t. 086 011 1245 skype. johngiles www.OnlineLegal.co.za www.MichalsonsAttorneys.com

2. Thank you

3. The goal today

4. King III

5. What must your organisation comply with? “the board should ensure that the company complies with IT laws and that IT related rules, codes and standards are considered.“

6. Ignorance of the law is no excuse You should have a working understanding of the effect of the applicable laws, rules, codes and standards on the company and its business. The induction and ongoing training programmes should incorporate an overview of and any changes to applicable laws, rules, codes and standards. You should sufficiently familiariseyourself with the general content of applicable laws, rules, codes and standards to discharge your legal duties. You should understand the context of the law, and how other applicable laws interact with it.

7. Who needs to be aware? CAE CRO Legal CO CIO

8. Impossible Task?

9. Overwhelmed?

10. The benefits of being aware?

12. An Information System

13. ECT Act

14. PAI Act

15. PPI Bill

16. RICA

17. To ask questions and find the detail

18. Thank you John Giles john@michalsons.com Michalsons Attorneys can help apply ICT laws to your specific circumstances www.MichalsonsAttorneys.com “ICT Law with Insight” Copyright © Michalsons 2002-2009 The information contained in this presentation is subject to change without notice. Michalsons makes no warranty with regard to the material, including the implied warranties of fitness for a particular purpose. Michalsons will not be liable for errors or for incidental or consequential damages in connection with this material. This document contains proprietary information that is protected by copyright. All rights are reserved. No part of this document may be photocopied, reproduced, or translated to another language without the prior written consent of Michalsons. This document is an unpublished work protected by the copyright laws and is proprietary to Michalsons. Disclosure, copying, reproduction, merger, translation, modification, enhancement, or use by any unauthorised person without the prior written consent of Michalsons is prohibited. Contact John Giles at john@Michalsons.com for permission to copy.

19. Monitoring email in the workplace “in the course of the carrying on of any business” but requirements Consent Cyber crimes

20. Email as evidence Is allowed! Reliability Integrity Originator

21. Production of an email If the law requires you to produce a document or information, you can produce that document in the form of an email if at the time that the email was sent:1. the method of generating the email provided a reliable means of assuring the maintenance of the integrity of the information contained in the email; and2. it was reasonable to expect that the information contained in the email would be readily accessible so as to be usable for subsequent reference.

22. Conclusion of agreements by email

23. Personal Information and email

24. Retaining and archiving email

25. Compliance is a process Be aware of ICT laws Assess where you are (assessments) Determine the gap between reality and compliance (gap analysis) Find solutions Implement solutions to ensure compliance Ongoing review