What is a POPIA Compliance Seal?

It is important to know why you should get your POPIA certification. The European Union’s GDPR carries fines of up to 20 million Euro or 4% of company turnover – whichever is the greater. The GDPR further imposes criminal sanctions in certain instances. Similarly, POPIA imposes fines up to R 10 million and imprisonment for wrongful and intentional POPIA contraventions.

There is no uniform standard mandating the steps required to satisfy compliance with applicable Information Privacy legislation. However,  your business is required to do what is “reasonably practicable” under the circumstances to comply with POPIA and the GDPR.

This means your business should have already taken active steps towards POPIA compliance. The best way to implement this process is to have your privacy practices reviewed by independent experts.

How to get your POPIA Certification

SwiftTechLaw provides independent expert assessments of what would be considered “reasonably practicable” steps satisfying POPIA and GDPR compliance.

Upon completion, your business will receive a seal reflecting that your organisation has completed an Information Privacy compliance review program. This will assist in mitigating your legal risks under POPIA and the GDPR. It sends a strong message to your customers and suppliers that doing business with your organisation won’t compromise the integrity of their personal information.

The post How to get your POPIA CERTIFICATION appeared first on Swift Tech Law.

1. Enable the two-step verification feature to secure your WhatsApp account

Yes- it is a bit of admin, but if you don’t activate this feature and your Whatapp account gets hacked, the hacker can use this function to lock you out of your account. To enable this feature and to secure your WhatsApp account, you will be required to choose a 6-digit passcode. When enabled, any attempt to verify your phone number on WhatsApp must be accompanied by the passcode that you created using this feature. We suggest that you also enter your email address to allow WhatsApp to send you a link via email to disable two-step verification in case you ever forget your six-digit passcode – which we know you will probably forget by the time you need to use the passcode again.

2. Enable your security encryption notifications

Why would you want to enable this feature?

Each of your chats has its own security code used to verify that your calls and the messages you send to that chat are end-to-end encrypted. If you click on a contact and scroll down to “Encryption” you will find this code This code in the contact info screen, both as a QR code and a 60-digit number. These codes are unique to each chat and can be compared between people in each chat to verify that the messages you send to the chat are end-to-end encrypted.

At times, the security codes used in end-to-end encryption might change. This is likely because you or your contact reinstalled WhatsApp or changed phones. Secure your Whatsapp account by enabling this feature. You will be notified when the security code changes and will be able to catch the cybercriminal before you get scammed.

Already been scammed?

If you have already fallen victim to this scam you can contact SwiftTechLaw if you require any further advice or assistance. If you are still in control of your number, secure your Whatsapp account before it is too late. For those thinking “nah – it will never happen to me”, let’s hope you don’t have generous friends and family members.

The post SCAM ALERT: SECURE YOUR WHATSAPP ACCOUNT appeared first on Swift Tech Law.

Having a company website / online store in this day and age is becoming pivotal to the success of any organisation and securing your domain name is the first step. However, once your e-commerce business starts to flourish, competitors and online criminals might be looking to take advantage of your success.

Reasons to secure your domain name:

”Cybersquatting” – the practice of registering, especially well-known company or brand names, as domain names, in the hope of reselling them at a profit. In 2015 Ye Li registered rolls-roycemotorcars.co.za, whereafter she offered to transfer the domain name to its rightful owner against payment of US $ 5 000.

“Typosquatting” – also known as URL hijacking, is a form of cybersquatting that targets internet users who incorrectly type a website address into their web browser. In the infamous Tvvitter attack, a look-alike fake website “Tvvitter” was created in order to steal users’ login credentials.

“Drop-catching” – can be described as the automated registration of a domain name that has lapsed due to non-payment of the renewal fee. In August this year a fraud alert was published after cipro.co.za, belonging to the predecessor of the Companies and Intellectual Property Commission (CIPC) was scooped up by a Mexican man, Miguel Antonio Gomez, after its registration lapsed. He used the domain to redirect browsers to a Czech website providing hacking services. By getting his hands on the domain name, he could also potentially distribute legitimate-looking phishing emails which could be crafted to steal sensitive information.

Conclusion

Securing your domain name is vital to protect your brand. Unfortunately, many people do not think about protecting their domain name until it is too late. Disputes have arisen more and more frequently over the past few years with domain names becoming an invaluable commodity. Fortunately, South Africa has an established, cost efficient and expeditious dispute resolution procedure for domain name conflicts. The procedure entitles any party to lodge a complaint against a co.za domain if it “takes unfair advantage of the rights” of that party or “is contrary to law or likely to give offence to any class of persons”.

SwiftTechLaw specialises in technology law and will gladly assist you with any matters relating to domain name registrations and disputes. Contact us here.

The post SECURING YOUR DOMAIN NAME appeared first on Swift Tech Law.

Business continues to move online and in any conversation you’ll come across the words “data privacy”, “cyber-crime”, “online retailer”, “App development” and many more.

So what exactly does a technology attorney do?

Basically – anything to do with the law and technology. Here at SwiftTechLaw we specialise in the following areas:

GRC (GOVERNANCE, RISK AND COMPLIANCE) – which includes PRIVACY LAW COMPLIANCE (POPIA & GDPR). Information privacy is a hot topic at the moment as the Information Regulator creeps closer to being established. Once this happens South African organisations will need to comply or face hefty penalties. We assist our clients with their compliance, which includes providing them with all required documentation, training and website updates.

DOMAIN NAME RIGHTS AND DISPUTES – Having a company website / online store in this day and age is becoming vital to the success of any organisation and securing your domain name is the first step. We assist with any matters relating to domain name registrations and disputes.

APP DEVELOPMENT – Have an idea for a new app? SwiftTechLaw can assist.

CRYPTOCURRENCY TRANSACTIONS – Crypto-currency investment remains the wild west of South Africa’s financial landscape. There is no cohesive regulation which restricts transactions or facilitates trade and this exposes investors to many risks. Organisations providing platforms for cryptocurrency transactions should also keep up to date with the latest regulations in order to minimise the risk for themselves and their investors. We assist by providing legal opinions and advise on how to minimise the risk of cryptocurrency transactions while the regulation thereof remains mostly unclear.

SOCIAL MEDIA RIGHTS PROTECTION / SEXTORTION / CYBERBULLYING / REVENGE PORN

START-UP / INCUBATOR ASSISTANCE – We assist start-ups with Non-disclosure Agreements, Non-compete Agreements, Registering different types of intellectual property (I.P), Contractual Terms of Business for each specific start-up, Website Privacy Policies and T&C’s, POPIA and GDPR Training.

TRADEMARK REGISTRATION – Trademark registration is a crucial first step for your start-up in order to ensure that you are able to continuously build your brand. If you decide that you don’t want to register your trademark, or that will get around to it once your company has become more established, it’s important that you understand the possible implications of not investing in the protecting of your intellectual property. Let us assist you in building your brand by with our trademark registration services.

COMMERCIAL TECHNOLOGY LAW – need to register a new company? Need assistance in the drafting of End User Licence Agreements? Software Agreements? Or Tech Deal Structuring? SwiftTechLaw provides a wide variety of legal services relating to commercial technology law.

TECHNOLOGY AND CIVIL LITIGATION – need to send a letter of demand? Don’t know what your options are in terms of legal recourse? We assist clients in settling or proceeding further with their legal disputes.

We also specialise in ARTIFICIAL INTELLIGENCE, CYBER CRIMES AND HACKING, ELECTRONIC SIGNATURES, GAMBLING AND GAMING TRANSACTIONS, CONSUMER RIGHTS AND DISPUTES.

Contact SwiftTechLaw here to assist you with your legal needs.

The post EVER HEARD OF A TECHNOLOGY ATTORNEY? appeared first on Swift Tech Law.

Since then, the digital age has presented major challenges to regulation. Technology enables the transfer of vast amounts of information across borders with many benefits. However, it simultaneously enables the citizens from countries governed by privacy legislation to transfer data outside their borders and bypass restrictions. In response, information privacy laws were amended to prohibit the transfer of personal information to countries with lower standards of legal regulation than their own.

In this context South Africa promulgated the Protection of Personal Information Act (POPIA). It ensures that South Africa is able to process information and conduct business with European countries for commercial benefit. Conversely, POPIA advances the right to privacy contained in the South African Constitution and imposes harsh sanctions for non-compliance.

In an expanding digital economy, stake holders within South Africa and the E.U increasingly process personal information across both jurisdictions. While South Africa and the E.U both have comprehensive laws in place, there are disparities and similarities between both. This creates a frequently asked, seldom answered question:

When are South African entities bound by the GDPR and when are European entities bound by POPIA? The answer is not always simple, but a basic understanding can assist.

What POPIA compliant organisations need to know about the GDPR

POPIA extends to the protection of personal information of juristic persons (i.e. legal entities) and not just individuals, making it more extensive and stringent than the GDPR which only applies to natural persons. It is therefore necessary for South African organisations to ensure that should they engage in business with organisations who are GDPR compliant, that these organisations extend their data protection to juristic persons in order to align with POPIA requirements.

POPIA is also more stringent in its requirement that an Information Officer should be appointed for all organisations, while the GDPR only requires the appointment of a Data Protection Officer for certain organisations.

Furthermore, the GDPR has much larger fines than POPIA. The GDPR carries fines of up to €20 Million or 4% of the global annual turnover, whichever is higher. The maximum penalties under POPIA are a R10 million fine and/or imprisonment for a period not exceeding 10 years, where the GDPR considers the latter to be a matter for member state law. Read more on POPIA requirements here.

What GDPR compliant organisations need to know about POPIA

While the concept of privacy by design is mandated by the GDPR, it is not mentioned in POPIA at all and remains a best practice option or voluntary approach for POPIA compliant organisations.

The GDPR furthermore provides data subjects with the benefits of data portability where data subjects may request that their data be transferred to another controller or service provider. This right is not extended to data subjects under POPIA.

The GDPR also mandates that data protection impact assessments be conducted and that evidence or documentation of such assessments be maintained. Currently there is no corresponding requirement under POPIA.

The best way forward

When it comes to information privacy compliance, there is no one-size-fits-all solution. As a point of departure, if you’re processing personal information (or personal data) regulated by POPIA and GDPR, you must satisfy the requirements of both jurisdictions. The good news is that adapting POPIA or GDPR for dual legal compliance is not onerous or invasive. It however requires expertise in both areas to ensure secure data-related commercial transactions.

Contact SwiftTechLaw here to enroll in our Privacy Law Compliance Program for 2020.

The post WALKING THE LINE BETWEEN POPIA AND GDPR appeared first on Swift Tech Law.

WHAT EXACTLY IS ARTIFICIAL INTELLIGENCE?

Artificial Intelligence is an area of computer science that emphasizes the creation of intelligent machines that work and react like humans. Some of the activities computers with Artificial Intelligence are designed for include speech recognition, learning, planning and problem solving. The effects thereof can be good and bad.

THE GOOD

Most people view Artificial Intelligence as futuristic and are unaware of how their lives are already affected by Artificial Intelligence. While FNB’s chatbot might be a new experience for many South Africans, the personal assistant chatbots, Siri or Alexa have already become the new normal for thousands of people around the globe. What many people don’t know is that as you use these assistants, they continuously learn about you until they are able to accurately anticipate your needs. The South African tech startup, Hey Jude, capitalised on this concept by creating a virtual personal assistant similar to Siri or Alexa, but improving the service and scope of requests by having real people “behind the scenes” attend to the requests. You can literally ask Jude to assist you with anything, ranging from restaurant bookings, renewing your car license or even prank-calling your boyfriend – all in good spirits of course. Hey Jude is a noteworthy example of the benefits of Artificial Intelligence and Emotional Intelligence (human) integration. As the tech mogul, Elon Musk warns: “humans must merge with machines or become irrelevant”.

Another exciting use of Artificial Intelligence comes from music applications such as Spotify or Apple Music. These apps use data to drive decisions. With Spotify every user gets a weekly personalised music playlist that they have never listened to on the service before, but that the algorithm calculated will be something the listener is expected to enjoy – eliminating the need for you to actively search for new music recommendations.

THE BAD

But what about the more recent report that Amazon had to scrap its secret recruiting tool as they were unable to rectify the algorithm that taught itself to prefer men over women or the malfunctioning of self-driving cars like those produced by Tesla, causing accidents and killing its drivers or innocent pedestrians. And probably the scariest of all – when Google employees quit over the company’s involvement in a drone program for the Pentagon called Project Maven. The project assisted the US military in developing drones that can spot and target vehicles and people by using Artificial Intelligence. Whereas current military drones are still controlled by people, this new technology will decide who to kill with almost no human involvement. And these are only a few cases that have come to light.

As per the examples above, today’s early stage Artificial Intelligence raises several practical and ethical problems. Artificial Intelligence systems are largely based on opaque algorithms that make decisions that even their own designers might  not be able to explain. The underlying mathematical models can be biased, and computational errors may occur. For the average person the main concerns surrounding Artificial Intelligence today should be that AI may progressively increase unemployment by displacing human skills.

WHAT THE EXPERTS SAY ABOUT AI

There have been some grave predictions about the potential of Artificial Intelligence from some high-profile tech experts. In 2014, the late Stephen Hawking wrote that the “Success in creating Artificial Intelligence would be the biggest event in human history. Unfortunately, it might also be the last, unless we learn how to avoid the risks.” Musk has furthermore issued numerous warnings and have gone as far as to state that the global race for Artificial Intelligence will cause World War III and that “AI is a fundamental risk to the existence of human civilisation”.

Contrarily, Microsoft billionaire Bill Gates publicly disagrees with Musk and Facebook founder and CEO Mark Zuckerberg calls Musk’s warnings “pretty irresponsible”. Zuckerberg continues to display optimistic views about a future where AI positively influences human life.

CLOSING THOUGHTS

No doubt we are in the age of witnessing Artificial Intelligence and digital revolution transforming the way we live quite radically, bringing with great opportunities for creating more efficient systems and achieving more growth. However, Musk continues to issue warnings regarding Artificial Intelligence and it begs the question if he knows something that the other tech moguls do not. In of his latest warnings he stated that “I am really quite close, I am very close, to the cutting edge in Artificial Intelligence and it scares the hell out of me. It’s capable of vastly more than almost anyone knows and the rate of improvement is exponential.”

SwiftTechLaw is at the forefront of Artificial Intelligence and its application to contemporary legal issues. Contact us here for more information.

The post THE EFFECTS OF ARTIFICIAL INTELLIGENCE appeared first on Swift Tech Law.

What’s in a name?

A trademark is a brand name, a slogan or a logo. To be successful in a Trademark Registration the mark must identify the services or goods and distinguish them from those of another.. If your trademark does not comply with these requirements, you will not be able to register or protect your brand and a competitor intending to use a similar name for their business or product will be entitled to do so.

An example of unregistrable trademarks, which many companies have fallen victim to, is the use of words or phrases reasonably required for use in a specific field of trade. The Companies and Intellectual Property Commission (CIPC) uses the word “server” as an example to explain this concept. They explain that should the word “server” be registered for computer services, nobody in that field of industry would be able to use the word in their everyday practice. This would be detrimental to the traders of that industry which is why the Trademarks Act 194/1993 prohibits these trademark applications.

What about famous descriptive and generic brand names such as Apple? This brand name could be registered as the word does not relate to the industry – if Apple however had to sell fruit instead of computing and technology products, the name would be unregistrable. Notwithstanding the examples above, there are several other types of unregistrable trademarks and it’s paramount to seek professional help when considering early stage branding.

If your trademark has not been registered or is unregistrable, someone in your industry could use similar identifying marks and you have very little power to stop them. It can be devastating when a competing business uses a similar name to yours and unethically exploits your brand. Moreover, this creates confusion in the marketplace and erodes your sales and bottom-line.

Conversely, your businesses’ use and promotion of certain names, logos and slogans might inadvertently infringe another company’s registered trademark. Consequences could be disastrous should the trademark owner demand that you cease and desist from further use of the identifiers that define your brand.

Absa: A distinctive name protects your brand even while you’re reinventing it

In July of this year, Absa rolled out a new corporate identity to distinguish itself from its erstwhile partner – Barclays Group. In statements made by CEO Maria Ramos, its new look was a conscious effort to ensure that Absa remains distinguishable in the market. To this end, Absa changed the bank’s logo, colour-scheme, and slogans. These branding devices have only been in the market for a few months but already enjoy strong trademark protection. Moreover, the new branding does not detract from the trademark protection conferred on Absa’s previous logos, colour-scheme, and slogans. This means Absa has not only distinguished itself to capture new customers but simultaneously protected its old branding worth several million Rand.

What’s the secret ingredient?

How was Absa able to do both? How can a company’s new logo, colour-scheme and slogans be so powerfully associated with its brand despite only being in the market for a few months? After all, Absa’s logos and devices are intended to distinguish Absa as a different company from the Absa-Barclays predecessor? Absa’s secret ingredient is that the wording “Absa” is not generic nor purely descriptive. It is unique, containing specific identifiers that enable Absa to simultaneously protect its current brand and previous identifying devices.

The lesson is clear: whether you’re a start-up about to commercialise or an established company in the market – now is the time to consider if features that define your business are capable of trademark protection. A distinctive name goes a long way in doing so. In the digital paradigm where business changes quickly, Absa’s new look teaches us a valuable lesson:

You shouldn’t underestimate what’s in a name. Take that first step to protect your company, contact SwiftTechLaw here for professional legal advice.

The post TRADEMARK REGISTRATION: LEARN FROM ABSA’S NEW LOOK appeared first on Swift Tech Law.

1. Domains 

Secured your domain name? Thinking – wow that was easy. Think again. Having a company website / online store in this day and age is becoming vital to the success of any organisation and securing your domain name is the first step. However, once your e-commerce business starts to flourish, competitors and online criminals might be looking to take advantage of your success. It is important to obtain legal advice from a specialist in technology law to ensure that your website domain name is protected. Click here to read more about the importance of domain names.

2. Trademarks 

What’s in a name? whether you’re a start-up about to commercialise or an established company in the market – now is the time to consider if features that define your business are capable of trademark protection. A distinctive name goes a long way in doing so.

3. Web Developing 

Imagine spending thousands on your website, only for your web developer to hold it hostage. Therefore, web development contracts are a must! The contract must clearly state that upon final payment for services rendered you will have 100% ownership of all assets which may include web design, images, code and content. Make sure you can access your website times, analytical data and backups at all times.

4. Content & Copyright 

It is important to make sure that you are not including content on your website that you are not entitled to use, may be illegal, defamatory or otherwise infringe on the rights of third parties.

5. Data Privacy and Security

Cookie banners, Privacy Policies, Terms of Service/Sale, Terms of Use, Information Privacy Manual – do these terms ring a bell? With the new Information Privacy Laws (the European Union’s General Data Protection Regulation (GDPR) and South Africa’s Protection of Personal Information Act (POPIA) it is vital to ensure that your website complies therewith. Prevention is better than cure – as these laws carry fines of up to 20 Million Euros / 10 Million Rand or even imprisonment!

SwiftTechLaw is able to conduct a business website audit for you to ascertain the extent to which your website complies with applicable law. To book your audit or for any related enquiries, you can contact us here.

The post 5 REASONS YOU NEED A TECHNOLOGY ATTORNEY FOR YOUR BUSINESS WEBSITE appeared first on Swift Tech Law.

Many organisations are taking the stance that while the Protection of Personal Information Act (POPIA) is not fully enacted, there is no need for compliance. POPIA compliance is essential as there are currently serious risks associated with non-compliance with the Act. One such consequence is reputational damage which may entail loss of revenue, clients and service providers and increased business costs.

Earlier this year MiWay Insurance came under fire when a recorded MiWay conversation with Zulu King Goodwill Zwelithini leaked to the public. The Zulu King laid a complaint and the Information Regulator issued a media statement on 12 February 2018 stating that “despite certain sections of POPIA not yet operative, the Regulator intended to proactively engage MiWay with regards to the processes and measures they have put in place to comply with the conditions for lawful processing of personal information as prescribed in POPIA”. During 2018 the Information Regulator similarly engaged with Facebook, Aggregated Payment System (Pty) Ltd and Liberty Holdings (Pty) Ltd after major data breaches involving ordinary South African’s personal information came to light.

Nothwithstanding the reputational damage these organisations may have incurred, once POPIA is fully enacted organisations face penalties of up to R10 million and/or imprisonment for a period not exceeding 10 years.

DIRECT MARKETING

A big concern for organisations is the effect POPIA will have on direct marketing. Under Section 69 of POPIA a potential customer (“prospect”) must consent before electronic direct marketing can take place. However, in order to obtain such consent a direct marketer may contact a prospect once only. If they withhold consent, the direct marketer may not contact them again. This applies unless that prospect is an existing customer who gave their personal information to the supplier in the context of a sale for the purpose of direct marketing and “has been given a reasonable opportunity to object, free of charge and in a manner free of unnecessary formality”.

Customers have the right to complain to the Information Regulator should they believe organisations are not complying with POPIA. To date more than two hundred complaints have been received. Organisations should bring their direct marketing practices in line with Section 69 as soon as possible to avoid investigations and legal sanctions. Moreover, POPIA empowers customers to institute legal proceeds against non-compliant organisations directly as an alternative to lodging complaints.

DATA BREACH

Earlier this year the Facebook data breach made headlines worldwide. It is reported that the personal information of 59 777 South African users was potentially shared with the data firm called Cambridge Analytica. To investigate the alleged breach the Information Regulator convened a meeting of various government institutions. These institutions included the South African Police Service, specifically the HAWKS, the National Prosecuting Authority (NPA), the Department of Rural Development, the National Credit Regulator and the Association of Credit Bureaus. The meeting agreed to establish a Task Team comprising of the representatives of the abovementioned institutions to ensure a multi-disciplinary approach to the investigation.

Contact SwiftTechLaw here to ensure that you are ready for when the Information Regulator comes knocking.

The post POPIA COMPLIANCE: WHEN THE INFORMATION REGULATOR COMES KNOCKING appeared first on Swift Tech Law.

Information Privacy Regulations Finalised Recently

It is no secret that South Africa’s Protection of Personal Information Act (“POPIA”) regulates the processing of personal information domestically. As legislation has increasingly evolved to tackle a cross-border challenge, POPIA’s provisions are aligned to stringent international standards. POPIA is structured in two instruments, the POPI Act and POPIA Regulations. The latter providing supplementary details of what is required to ensure legal compliance. On 14 December 2018, POPIA’s final version Regulations were promulgated affecting the implementation of SA information privacy law in several respects.

Enforcement Date

Certain provisions of POPIA are already in force and have been since 2018. Furthermore the Information Regulator has already been knocking on the doors of companies who have been complained about by data subjects. However, the application of other legal obligations and restrictions only take effect on a date to be determined by the legislature. One of the issues causing the delay of full POPIA enforceability is the promulgation of its Regulations. The promulgation of the latter in December brings complete legal enforceability under POPIA one step closer.

Stricter Regulation of Direct Marketing

Section 69 of POPIA requires direct marketers to obtain consent from data subjects in order to lawfully conduct campaigns targeting them. Failure to do so is an offence which carries heavy fines and penalties. The Regulations impose details regarding how such consent must be obtained. Namely, direct marketers are required to obtain a signed form from the data subject before electronic direct marketing can occur. Depending on how the regulation is implemented in practice, imposing this obligation could create a significant challenge to the direct marketing industry. Although stringent regulation could appear attractive to consumers, they should be reminded that the direct marketing industry is a significant employer and job creator in South Africa. Should the industry down-size, the limitations prescribed in the Regulations could become a poisoned chalice. Direct marketers should familiarise themselves with POPIA Regulations and ensure their organisation is streamlined to comply with POPIA without damaging revenue streams.

The responsibilities of the Information Officer

POPIA’s Regulations also contain further detail on Information Officers. Organisations are required to appoint an individual responsible for ensuring information privacy legal compliance. Much like a company secretary the Information Officer will be involved with legal implementing within their organisation. Amongst other requirements, this involves creating a compliance framework, conducting an information privacy impact assessment and creating a manual which outlines their organisation’s information privacy and security policies. While this seems daunting in practice, the responsibilities of an organisation’s Information Officer will most likely be supplemented by technology and privacy attorneys.

Elevated awareness of importance

As incidents ranging from Facebook’s data abuse to COLLECTION#1 continue to make headlines, the importance of legal regulation will escalate further. The Promulgation of POPIA Regulations are an encouraging step in the right direction as information privacy continues to be of domestic and global importance.

If you have not taken the necessary steps to comply with POPIA, contact SwiftTechLaw here.

The post POPIA REGULATIONS: PRIVACY LAWS ARE TIGHTENING appeared first on Swift Tech Law.