ECT Act No 25 of 2002
The Electronic Transaction and Communications Act 25 of 2002 allows for the electronic communication of documents. However, the Act does not put any systems in place to be used for such communication. The result is that organizations tend to use “what is available” to exercise this right to electronic communication.
Whereas many would agree that social media would not be a suitable medium for delivering sensitive or important documents, few seem to realise that email is also not a suitable medium.
When using standard email:
- The sender of a sensitive document has no idea who else, besides the intended recipient, will be able to read the sent document. The sender may (or may not even) trust his own IT department, but would probably be naive to simply trust the IT department of the recipient.
- Documents attached to email messages may be intercepted, and may even be tampered with or substituted.
- Email does not provide an independent delivery receipt. There is not much the sender can do when the recipient claims that the document was never received. Even when the “request-read-receipt”-option in email is used, it requires the cooperation of the recipient.
- Email is effectively a mechanism to exchange notes, with documents literally being an add-on attachment. Many mail servers are configured to strip off large document attachments, leaving the sender with no other option but to split large documents into smaller parts to be attached to multiple email messages. The recipient is then left with the laborious task of having to reconstruct the original document from the bits and pieces that often arrive out of order.
A tailor-made service is needed to add the necessary certainty and trust to the process of exchanging important and sensitive documents.
This is the service that Doxit offers.
POPI Act No 4 of 2013
The Protection of Personal Information Act, which will come into force in the near future, places an obligation on public and private bodies to treat personal information of persons in a sensitive and responsible manner. Personal information includes, for example, names, ID numbers, addresses, and telephone numbers.
The POPI Act also regulates the flow of personal information across the borders of the Republic of South Africa. This is not allowed, unless specific requirements are met.
The obligations imposed by the POPI Act, especially with reference to security measures to protect personal information, make it difficult to justify using email when sending documents containing personal information. Standard email is simply not secure enough to be considered a responsible way in which to communicate personal information.
The use of communication services hosted outside South Africa’s borders, without carefully considering and complying with the conditions under which the POPI Act allows for this, is questionable and problematic.
Doxit is a communication system through which appropriate and reasonable technical and organizational measures are taken to ensure the integrity and confidentiality of personal information communicated via the system, in order to comply with the POPI Act.
Doxit encrypts documents to ensure secrecy and to prevent tampering.
Doxit stores documents encrypted on servers which are safely hosted within South Africa’s borders.