The development of social media platforms has enabled communication to progress seamlessly. In today’s society, communication both personally and professionally occurs via social media. This has allowed for efficiency and an increase in the flow of information. However, the companies which create and manage these platforms have been known to tread the ethical and legal boundaries of interception of information sent via these platforms. Social media has made it easy for many businesses including legal practices to make the leap to working from home with significant ease, in comparison to many other industries. However, using social media platforms confidential information is not necessarily safeguarded. Recently the social media platform known as Whatsapp (a subsidiary of Facebook) has updated its privacy policies, which has resulted in a panic among users. Many legal practitioners use Whatsapp and similar instant messaging social media platforms within the course and scope of their profession. This article seeks to address whether using social media platforms breaches the confidentiality of the attorney’s profession is bound to.
The general provisions of the Legal Practice Act’s Code of Conduct hold that legal practitioners shall maintain legal practitioner/ client privilege and confidentiality regarding the affairs of present or former clients or employers. It further holds that legal practitioners are required to scrupulously preserve both the personal and confidential information disclosed to them by clients. The only exception to this strict requirement of confidentiality is where the law specifically requires the disclosure of information. This makes it clear the high value to which confidentiality is regarded within the profession.
At present, there is no specific legislation in South African law enacted to regulate social media platforms. When we look to legislation to guide us, the legislation available is that of ECTA (Electronic Communications and Transmissions Act No. 25 of 2002) as well as POPIA (Protection of Personal Information Act No. 4 of 2013). The main purpose of POPIA is to protect the information of data subjects, and information surrounding the data subject, but not the content of the information sent by them. In other words, POPIA is able to regulate the information surrounding the message such as where the message originated from and who sent it, but not the content of the actual message. ECTA is responsible for the regulation of access to the content of a message. Another important piece of legislation is that of RICA (Regulation of Interception of Communications and Provision of Communication-Related Information Act No. 70 of 2002), one of the purposes of RICA is to regulate the interception of communication in circumstances where such interception is deemed necessary.
Section 9(4)(c)(bb) of ECTA holds that any other matter reasonably justifying confidentiality is not open to public inspection if such document or information can be separated from the application, representations or other documents in question. Section 85 of ECTA defines “access” of information to include the actions of an individual who after taking note of any data and becomes aware that he is not authorised to access such data, and proceeds to access such data anyways. Section 86 of ECTA also holds that access to the content of information shared between data subjects by data controllers is classified as interception, which constitutes a cybercrime. What we can draw from these provisions of the legislation is that the content of data shared must be treated by data controllers as confidential. Despite handling information sent via social media platforms, data controllers may not access such information unless by an express requirement of the law, such as a court order. Contravention of this is an unlawful act and is punishable by law.
It is clear that despite the lack of legislation to regulate social media platforms, there are provisions within legislation which may be applied to social media platforms. These provisions enable the law to protect users of social media platforms from having their data unnecessarily accessed. However, these provisions are not a bulletproof vest which protects all data from being infringed upon by third parties. Due to this, it is necessary for users of social media platforms to be cautious with what they divulge on these platforms. The use of social media platforms does not appear to contravene the confidentiality required within legal protection as the content of information is usually only accessible by the sender and recipient. There rests a responsibility upon legal practitioners to take steps to ensure that the information they deal with is safeguarded. As with all information disclosed to legal practitioners, the legal practitioner has a duty to ensure that the reasonable expectation of confidentiality is maintained.