No. 23708 GOVERNMENT GAZETTE, 2 AUGUST 2002
Act No. 25, 2002 ELECTRONIC COMMUNICATIONS AND TRANSACTIONS ACT, 2002
(c) a general description of the categories or types of information stored in the
critical database excluding the contents of such critical database.
Management of critical databases
55. (1) The Minister may prescribe minimum standards or prohibitions in respect of
(a) the general management of critical databases;
(b) access to, transfer and control of critical databases;
(c) infrastructural or procedural rules and requirements for securing the integrity
and authenticity of critical data;
(d) procedures and technological methods to be used in the storage or archiving of
critical databases;
(e) disaster recovery plans in the event of loss of critical databases or parts
thereof; and
(f) any other matter required for the adequate protection, management and
control of critical databases.
(2) In respect of critical databases administered by public bodies, all regulations
contemplated in subsection (1) must be made in consultation with all members of the
Cabinet affected by the provisions of this Chapter: Provided that the Minister must not
record information contemplated in section 54(2) if that information could reasonably
compromise
(a) the security of such databases; or
(b) the physical safety of a person in control of the critical database.
(3) This Chapter must not be construed so as to prejudice the right of a public body to
perform any function authorised in terms of any other law.
Restrictions on disclosure of information
56. (1) Information contained in the register provided for in section 54 must not be
disclosed to any person other than to employees of the Department who are responsible
for the keeping of the register.
(2) Subsection (1) does not apply in respect of information which is disclosed
(a) to a relevant authority which is investigating a criminal offence or for the
purposes of any criminal proceedings;
(b) to government agencies responsible for safety and security in the Republic
pursuant to an official request;
(c) to a cyber inspector for purposes of section 57;
(d) pursuant to sections 11 and 30 of the Promotion of Access to Information Act,
2000; or
(e) for the purposes of any civil proceedings which relate to the critical data or
parts thereof.
Right of inspection
57. (1) The Director-General may, from time to time, cause audits to be performed at
a critical database administrator to evaluate compliance with the provisions of this
Chapter.
(2) The audit may be performed either by cyber inspectors or an independent auditor.
Non-compliance with Chapter
58. (1) Should the audit contemplated in section 57 reveal non-compliance by the
critical database administrator with this Chapter, the Director-General must notify the
critical database administrator thereof in writing, stating
(a) the finding of the audit report;
(b) the action required to remedy the non-compliance; and
(c) the period within which the remedial action must be performed.