The risk of “cut and paste” policy management
It is surprising how regularly one comes across companies that are implementing security policy management or e-law related policy management by using form policies that have been purchased from abroad or downloaded off the Internet. Whilst it is highly commendable that at least these steps are being taken, following this route could reveal a number of new risks.
The first danger is that policies developed abroad do not take into account the specifics of South African law. This means that, at best, these policies may be only partially applicable and, at worst, may have no value.
E-law and security management both have a very big “human” element to them, and this is often encompassed through employee policy documents. However, South Africa's Labour Law has grown significantly during the last few years and has, in many regards, developed its own unique jurisprudence. This jurisprudence serves to distinguish it quite significantly from that found in other English-speaking countries such as the United States of America, Great Britain or Australia. Therefore policies developed for these countries fail to take into account specific aspects of South African law nor the jurisprudence that has developed from our labour courts.
A few simple examples of this:
- Privacy rights and interception of an employee’s e-mail: America has less developed jurisprudence in this regard, and employee privacy rights are far less well protected than in South Africa. A policy from America would not take this into account and could be invalid
- Vicarious liability: the South African courts have shown a tendency towards a liberal interpretation of the scope of vicarious liability. The tests that our courts have developed for the element of control in this regard are quite distinct from those developed in the UK. Policy documents that purport to control this risk, if copied from UK sources, would therefore fall short in this regard.
- Legal compliance: whilst South Africa’s ECT act is similar to several European acts, European jurisprudence has developed a number of statutory controls while South Africa has a far less developed jurisprudence. As a result policies from Europe may stress legal compliances that are not applicable in South Africa and fail to stress those that are.
It is therefore prudent that any company implementing e-law and information technology should employ the necessary management to review the policies, thus ensuring that they comply with South African legislation and jurisprudence.
The Electronic Law Consultancy offers the expertise of trained and certified lawyers who specialise only in electronic law, backed by practical and technical experience. This provides pro-active legal advice that is clear and understandable and also protects and enhances the efficiency of business communications. By utilising a business model and small business experience we are able to maintain fees at levels well below the industry norm.
03 Nov 2004
This article is intended to provide general guidance and does not constitute professional advice relating to specific instances. Should you wish to place any reliance on the information presented in this article we strongly advise that you consult your legal advisor or the Electronic Law Consultancy - firstname.lastname@example.org