top of page

Digital Duty of Care—Building Workplace Resilience in the Age of Cybercrime, Social Media & AI

  • Writer: John Botha
    John Botha
  • 1 day ago
  • 3 min read

South African workplaces are navigating a rapidly changing landscape where compliance with information technology, cybercrime, social media, and AI requirements is critical. With evolving threats and increasing regulatory demands, companies must ensure robust protection, fair practices, and clear protocols across all digital operations. Below, explore the key legal frameworks and essential elements of a comprehensive IT Acceptable Use, Cybercrime, Social Media & AI Policy.


Core Legal Frameworks

  • Cybercrimes Act 19 of 2021: Regulates unlawful access, data interference, phishing, ransomware, forgery of data, and reporting obligations for organisations.

  • Protection of Personal Information Act 4 of 2013 (POPIA): Ensures lawful handling, safeguards, and data subject rights for personal information.

  • Electronic Communications and Transactions Act 25 of 2002 (ECTA): Sets the legal validity of electronic communications, data protection in transactions, and employer monitoring duties.

  • Employment Equity Act 55 of 1998 (EEA): Prohibits discrimination, enforces equity, and guides fair tech and AI application.

  • Promotion of Equality and Prevention of Unfair Discrimination Act 4 of 2000 (PEPUDA): Upholds non-discrimination, including in AI outputs and online/social media behaviour.

  • Labour Relations Act 66 of 1995 (LRA): Governs IT misuse discipline, misconduct processes, and employment consequences for policy breaches.

  • RICA: Regulates lawful interception and employee communication monitoring.

  • POPIA & ECTA: Together, they set out employee access to their personal data, requirements for lawful monitoring, and the boundaries of workplace privacy.


Key Policy Components

  • Introduction & Scope: Application to staff, contractors, and third parties across all relevant technology platforms.

  • Definitions: Clarity on core terms, including information systems, personal data, cybercrime, social media, and AI.

  • Acceptable Use: Mandates on system access, confidentiality, password practices, and banned activities.

  • Cybercrime Policy: Duties for incident reporting and compliance with criminal law, plus internal sanctions.

  • Social Media Policy: Rules for official and personal online behaviour, confidentiality, and crisis responses.

  • AI Usage: Criteria for permitted AI tools, privacy compliance, transparency, and ethical standards, with bans on covert surveillance and bias.

  • Monitoring & Privacy: Lawful workplace monitoring protocols, employee rights, and privacy protections under POPIA and ECTA.

  • Training & Awareness: Required onboarding and refresher training on IT, cybersecurity, social media, and AI use, plus signed policy acknowledgement.

  • Incident Response: Procedures for reporting and handling IT, data, social media, and AI-related incidents.

  • Policy Enforcement: Consequences for violations and annual review linked to legal/tech developments.


IT & Digital Policy Compliance Checklist 

Compliance Area

Status (Yes/No)

Last Reviewed

Responsible Dept/Person

IT Acceptable Use Policy exists and up to date




Cybercrime procedures align with the Act




POPIA-compliant data protection procedures




ECTA-mandated monitoring protocols documented




EEA/PEPUDA compliance for tech and AI use




LRA-linked misconduct and IT misuse processes




RICA communication interception procedures checked




Definitions list reviewed for completeness




AI tool register and bias assessment complete




Social media rules for official and personal use




Training schedule implemented and tracked




Incident reporting flowchart posted and known




Annual policy review scheduled and resourced




Attend our workshop on the Landmark Judgment: Equal Parental Leave for All Parents (click here), taking place 09 October 2025, 15:00 - 16:00, R950 excl. VAT. It includes a Parental Leave Policy Template and a Model Contract Clause for rapid rollout.


Join us at the Annual Labour Law Update. This year's theme is Labour Law at the Crossroads: Adapting to Change in an Uncertain Economy and with Massive Labour Law Reform Impacting Case Law. What you'll gain:


  • Master the Digital Transformation of Labour Law in 2025

  • 200+ Labour Law Cases Unpacked by Jonathan Goldberg

  • Critical Updates on Upcoming Legislation & NEDLAC Amendments

  • Navigate Workplace Challenges from the Digital Era to Discrimination Laws


GBS Annual Labour Law Update 2025 #ALLU2025 Banner.

View our upcoming events: Upcoming Events, like Landmark Judgment: Equal Parental Leave for All Parents, Employment Equity Reporting, Managing Absenteeism in the Workplace, and #ALLU2025.

*All workshops are offered as customised in-house training that can be presented virtually or on-site.


"Global Business Solutions (GBS)—Your Partner in Strategic HR Compliance"

Comments


bottom of page