Digital Duty of Care—Building Workplace Resilience in the Age of Cybercrime, Social Media & AI
- John Botha
- Oct 7
- 3 min read
South African workplaces are navigating a rapidly changing landscape where compliance with information technology, cybercrime, social media, and AI requirements is critical. With evolving threats and increasing regulatory demands, companies must ensure robust protection, fair practices, and clear protocols across all digital operations. Below, explore the key legal frameworks and essential elements of a comprehensive IT Acceptable Use, Cybercrime, Social Media & AI Policy.
Core Legal Frameworks
Cybercrimes Act 19 of 2021: Regulates unlawful access, data interference, phishing, ransomware, forgery of data, and reporting obligations for organisations.
Protection of Personal Information Act 4 of 2013 (POPIA): Ensures lawful handling, safeguards, and data subject rights for personal information.
Electronic Communications and Transactions Act 25 of 2002 (ECTA): Sets the legal validity of electronic communications, data protection in transactions, and employer monitoring duties.
Employment Equity Act 55 of 1998 (EEA): Prohibits discrimination, enforces equity, and guides fair tech and AI application.
Promotion of Equality and Prevention of Unfair Discrimination Act 4 of 2000 (PEPUDA): Upholds non-discrimination, including in AI outputs and online/social media behaviour.
Labour Relations Act 66 of 1995 (LRA): Governs IT misuse discipline, misconduct processes, and employment consequences for policy breaches.
RICA: Regulates lawful interception and employee communication monitoring.
POPIA & ECTA: Together, they set out employee access to their personal data, requirements for lawful monitoring, and the boundaries of workplace privacy.
Key Policy Components
Introduction & Scope: Application to staff, contractors, and third parties across all relevant technology platforms.
Definitions: Clarity on core terms, including information systems, personal data, cybercrime, social media, and AI.
Acceptable Use: Mandates on system access, confidentiality, password practices, and banned activities.
Cybercrime Policy: Duties for incident reporting and compliance with criminal law, plus internal sanctions.
Social Media Policy: Rules for official and personal online behaviour, confidentiality, and crisis responses.
AI Usage: Criteria for permitted AI tools, privacy compliance, transparency, and ethical standards, with bans on covert surveillance and bias.
Monitoring & Privacy: Lawful workplace monitoring protocols, employee rights, and privacy protections under POPIA and ECTA.
Training & Awareness: Required onboarding and refresher training on IT, cybersecurity, social media, and AI use, plus signed policy acknowledgement.
Incident Response: Procedures for reporting and handling IT, data, social media, and AI-related incidents.
Policy Enforcement: Consequences for violations and annual review linked to legal/tech developments.
IT & Digital Policy Compliance Checklist
Compliance Area | Status (Yes/No) | Last Reviewed | Responsible Dept/Person |
IT Acceptable Use Policy exists and up to date | |||
Cybercrime procedures align with the Act | |||
POPIA-compliant data protection procedures | |||
ECTA-mandated monitoring protocols documented | |||
EEA/PEPUDA compliance for tech and AI use | |||
LRA-linked misconduct and IT misuse processes | |||
RICA communication interception procedures checked | |||
Definitions list reviewed for completeness | |||
AI tool register and bias assessment complete | |||
Social media rules for official and personal use | |||
Training schedule implemented and tracked | |||
Incident reporting flowchart posted and known | |||
Annual policy review scheduled and resourced |
Attend our workshop on the Landmark Judgment: Equal Parental Leave for All Parents (click here), taking place 09 October 2025, 15:00 - 16:00, R950 excl. VAT. It includes a Parental Leave Policy Template and a Model Contract Clause for rapid rollout.
Join us at the Annual Labour Law Update. This year's theme is Labour Law at the Crossroads: Adapting to Change in an Uncertain Economy and with Massive Labour Law Reform Impacting Case Law. What you'll gain:
Master the Digital Transformation of Labour Law in 2025
200+ Labour Law Cases Unpacked by Jonathan Goldberg
Critical Updates on Upcoming Legislation & NEDLAC Amendments
Navigate Workplace Challenges from the Digital Era to Discrimination Laws
View our upcoming events: Upcoming Events, like Landmark Judgment: Equal Parental Leave for All Parents, Employment Equity Reporting, Managing Absenteeism in the Workplace, and #ALLU2025.
*All workshops are offered as customised in-house training that can be presented virtually or on-site.
"Global Business Solutions (GBS)—Your Partner in Strategic HR Compliance"
Comments