IDENTIFYING CRITICAL DATA AND DATABASES – A PROPOSAL FOR A RISK-BASED THEORY OF IMPLEMENTING CHAPTER IX OF THE ECT ACT

Authors

  • Mzukisi Niven Njotini

DOI:

https://doi.org/10.17159/obiter.v34i1.12091

Keywords:

ECT Act, identify and classify critical data and databases

Abstract

South Africa adopts meaningful measures to prevent and/or alleviate attacks to its critical data and databases. The measures are embodied in Chapter IX of the Electronic Communications and Transactions Act 25 of 2001.1 The Chapter IX measures encumber the Minister of Communications to perform innumerable functions, inter alia, to identify and classify critical data and databases. However, this article submits that the Chapter IX measures are founded and places (unlimited) reliance on a stagnant or inflexible approach. Such an approach assumes that a process to identify and classify critical data and databases is a product of guesswork. Put differently, the Chapter IX measures uses a common-knowledge or one-size-fits all approach as an aid to identify and classify critical data and databases. By so doing, Chapter IX of the ECT Act fails to recognize that a holistic and flexible approach or framework is indispensable in a process to identify and classify critical
data and databases.

Downloads

Download data is not yet available.

Downloads

Published

25-08-2021

Issue

Section

Articles

How to Cite

IDENTIFYING CRITICAL DATA AND DATABASES – A PROPOSAL FOR A RISK-BASED THEORY OF IMPLEMENTING CHAPTER IX OF THE ECT ACT. (2021). Obiter, 34(1). https://doi.org/10.17159/obiter.v34i1.12091