We offer specific legal services regards information security law. There are various information security laws that apply to the protection of information. Michalsons are regarded as one of the leaders in South Africa in:
- information security law,
- cyber security, and
- the drafting and reviewing of information security policies through a “legal lens”.
We offer the following infosec services:
Review and drafting of IT policies
We have advised on, drafted and implemented IT or ICT policies in several public and private sector organisations including amongst others, Old Mutual, First Rand Bank, the City of Cape Town, the City of Johannesburg, the SA Post Office, the SABC, the Agricultural Research Council, the SA Human Rights Commission, Allan Gray, Media24 and Sun International.
When reviewing or drafting policies, we follow a specific policy framework we have developed based on ISO/IEC 27001:2005 and ISO/IEC 27002:2005, best practices, generally accepted security principles, our own expertise and experience in the area of information security, information management, law and risk management.
Information security law related audits
We conduct several infosec related audits:
Laws impacting information security
We have compiled a comprehensive list of laws that:
- contain information security obligations;
- mention signatures (and require that specified documents be signed with a pen and ink or electronic signature).
Cryptography provider registration services
If you want to register as a cryptography provider under chapter 5 of the ECT Act, we will do the registration for you. Our client’s have included local and foreign security vendors and certification authorities. Click here for more information.
Electronic Signature Services
We provide various electronic signatures service. Click here to find out more.
The legal implications of implementing and operating a PKI require specialists who understand business and technical matters relating to PKI, as well as the law. Michalsons are one of the few law firms in South Africa who have actively been involved in providing advice around PKIs since 1997 and have been involved in providing legal advice to several CA’s.
We can help you:
- understand what PKI is all about;
- contextualise PKI in the context of the ECT Act;
- develop a PKI legal framework;
- draft or review your Certificate Policy, Certificate Practice Statement, Subscriber and Relying Party and related agreements.
Accreditation of advanced electronic signatures
We can assist you have your authentication product or service accredited as a provider of advanced electronic signatures under the ECT Act.
PCI DSS Compliance
We provide legal advice around PCI DSS legal issues.
Information security law related disputes
Information security breaches, especially by employees, are becoming more common. The frequency of these breaches means disputes are likely and will end up in litigation. Examples of possible court cases include:
- Cases stemming from external hacking attacks and internal security breaches;
- These attacks and breaches cause damage not only to the initial targets, but also third parties. The possibility of a claim by an affected third party against the company (the initial target) raises what is called “downstream liability” (downstream liability claims involve allegations that the target’s failure to protect its own systems damaged a third party when the attacker used the target’s systems as a conduit or weapon against the third party);
- Cases against technology vendors based on claims that the vendor failed to ensure the security of its services, or claims that hardware or software products contain security flaws (which has become an important “product liability” issue under the new Consumer Protection Act of 2009;
- Cases concerning electronic records, and whether they are archived properly to ensure their integrity and reliability;
- Cases arising from e-mails and other electronic information based on issues of appropriate usage, long-term archival, or intentional or inadvertent destruction.
We have a wealth of experience in the litigation of disputes in various dispute resolution forums in South Africa. At the same time, the firm has extensive expertise in information security, enabling it to grasp highly technical matters of security technology. Michalsons marries this technical expertise with litigation experience to provide effective legal representation for its clients.