Directors at War: Terminating Email Access

Directors at War: Terminating Email Access

“All is fair in love and war…and business is war.” (Jasmine Kundra)

When company directors are locked in dispute, one of them may be tempted to cut off the other’s access to emails and to the business server – a tactic likely to have immediate and serious consequences for the director thus cut off.

Its appeal as a tactic to force the other director to the negotiating table is obvious, but the question is whether the director thus deprived has any legal remedy available to force immediate restoration of access.

A recent Supreme Court of Appeal matter saw a director in that exact position trying to get his access back urgently with a “spoliation order” application.

“Cut off his email and server access”

When the two directors fell out, one (let’s call him ‘A’) applied for liquidation of the company on the grounds of deadlock. Director B opposed this application, and, alleging that A had resigned his directorship, instructed the web hosting entity hosting the company’s server and email addresses to cut off A’s ‘email and company network/server access’ with immediate effect.

A, denying hotly that he had resigned, immediately applied to court for a “spoliation order” restoring his email and server access to him.

Spoliation – a quick and effective way to get back possession, but only if…
  • The spoliation process is designed to stop disputing parties from taking the law into their own hands and provides a quick and effective way of regaining possession of something if you have been wrongfully deprived of it. It’s a quick and effective remedy because “[T]he injustice of the possession of the person despoiled is irrelevant as he is entitled to a spoliation order even if he is a thief or a robber. The fundamental principle of the remedy is that no one is allowed to take the law into his own hands”. In other words, you can get an immediate spoliation order without having to prove your right to possession of the thing – all you have to prove is the wrongful dispossession.
  • So that would have been an ideal outcome for A, giving him immediate restoration of his access to his emails rather than having to fight his way slowly through a full trial proving his rights to email and server access. But it was not to be. His problem was that, in order get a spoliation order, one of the first things you must prove is that you were in “peaceful and undisturbed possession” of something.
  • Now A would have been able to prove such possession if he had for example been wrongfully deprived of use of a company car or even of an “incorporeal” right to use property (such as “quasi-possession” of a right of access under a servitude). But he was unable to convince the Court that his email/server access fell into any such category.
  • As the Court put it: “Thus only rights to use property, or incidents of occupation, will warrant a spoliation order.” A’s prior use of the email address and server was not an “incident of possession of movable or immovable property”, it is purely “a personal right enforceable, if at all, against [the company].”
  • In a nutshell, A must now prove his legal right to email and server access – perhaps he will be advised to apply for an ordinary interdict, perhaps he will sue for damages and/or re-instatement, but whichever course he chooses he will need to accept the inevitable delays. In other words, if B’s tactic was to put immediate and substantial pressure on A in the short term it worked – at least for now.

Don’t however take any action like this without professional advice – it could come back to bite you badly if it misfires.

Disclaimer: The information provided herein should not be used or relied on as professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your professional adviser for specific and detailed advice.

© LawDotNews

PAIA Manuals and the 31 December 2021 Deadline: Crying Wolf Again, or Real This Time?

PAIA Manuals and the 31 December 2021 Deadline: Crying Wolf Again, or Real This Time?

“A man who procrastinates in his choosing will inevitably have his choice made for him by circumstance.” (Hunter S. Thompson)    

Since 2005 businesses have been repeatedly told “get your PAIA (Promotion of Access to Information Act) manual sorted now, the deadline is approaching”. And every 5 years since then, those (mostly smaller) businesses temporarily exempted from lodging manuals have been given yet another extension – usually at the very last minute.

“Crying Wolf” again?

With government “Crying Wolf” so often, small business owners can certainly be forgiven for treating this whole process with a great deal of scepticism. Perhaps though this deadline is one to take seriously, particularly since the related POPIA (Protection of Personal Information Act) is now fully in place and new PAIA Regulations have been promulgated to tie in with POPIA.

What businesses are currently exempt?

PAIA itself requires all public and private bodies to prepare, lodge and publish (including on any website you have) a PAIA information manual.  Every business operation, no matter how small, falls into that net – the definition of “private body” includes any person or partnership who carries on or has carried on “any trade, business or profession”, together with any “former or existing juristic person” and political parties.

In other words, all businesses of all types and sizes must have a PAIA manual once the current exemption comes to an end.

You are probably currently exempt if you are a smaller business, specifically a “private body”, including any private company.

But the exemption does not apply to any non-private company, nor to any private company in any of the business sectors listed below with either –

  • 50 or more employees, or
  • An annual turnover of or above specific thresholds – see the table below for details.
Do your Manual now anyway!

Even if the deadline is once again extended, you will almost certainly still have to comply somewhere down the line, and at least by getting this done now you have got rid of one annoying little red tape item from your Action List. Procrastinating, as Hunter S Thompson pointed out, just means having the choice made for you down the line.

Prepare your PAIA manual now; if you already have one, update it regularly.

Disclaimer: The information provided herein should not be used or relied on as professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your professional adviser for specific and detailed advice.

© LawDotNews

Your Website of the Month: Start a New Business Fast and Lean

Your Website of the Month: Start a New Business Fast and Lean


The COVID-19 pandemic has closed many doors, but it has also levelled many playing fields and opened up a slew of new business opportunities. If you are one of the many budding entrepreneurs out there looking to start up your own business (perhaps by choice, perhaps after a business closure), you may wonder where and how to go about it.

Bizly’s “Start a business: How to get going fast, the lean start-up way” here shares some ideas for “action planning using rapid, feedback loops to get the business off the ground quickly and with minimal risk.”  Answer 6 preliminary questions, complete a one-page business plan, and prepare for launch!

Disclaimer: The information provided herein should not be used or relied on as professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your professional adviser for specific and detailed advice.

© LawDotNews

Your Website of the Month: How to Plan and Hold Virtual Board Meetings

Your Website of the Month: How to Plan and Hold Virtual Board Meetings


Virtual meetings are here to stay. Make the most of them with “Optimising the virtual boardroom: A guide to planning and executing virtual board meetings” from Nasdaq Governance Solutions on Moneyweb.

Learn how to –

  • “Build a virtual board table” (“creating a virtual seating arrangement” and so on),
  • “Mitigate meeting day glitches” (we’ve all wasted time on fiascos!), and
  • “Keep it confidential” (paramount).

Disclaimer: The information provided herein should not be used or relied on as professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your professional adviser for specific and detailed advice.

© LawDotNews

11 POPIA Questions to Ask Yourself Before 30 June 2021

11 POPIA Questions to Ask Yourself Before 30 June 2021


Note: This is a complex topic and there is no substitute for tailored professional advice. What is set out below is of necessity no more than a simplified summary of some practical highlights.

You and your business are at substantial risk if you aren’t fully compliant with POPIA (the Protection of Personal Information Act) on 1 July 2021.

The clock is ticking! Have a look at the Information Regulator’s Countdown Clock here to see exactly how many days (and hours, minutes, and seconds!) you have left.

Be ready! Be compliant! Ask yourself these eleven questions –

  1. Does POPIA really apply to us?
    As soon as you in any way “process” (collect, use, manage, store, share, destroy and the like) any personal information relating to a “data subject” (suppliers, customers, members, employees and so on – whether individuals or “juristic persons” such as corporates and the like), you are a “responsible party”.The formal definition of a responsible party is “a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information” – very few businesses and organisations will fall outside that net. Equally you are unlikely to fall under exemptions such as that applying to information processed “in the course of a purely personal or household activity”.But don’t panic –. compliance is easily attainable for most businesses, particularly if you are a smaller operation with little in the way of sensitive personal information. Answer the questions below to get a feel for areas you need to concentrate on now.
  2. What risks do we run if we don’t comply with POPIA?
    If a data subject suffers any loss as a result of your breach of POPIA, the subject (or the Regulator at the request of the subject) can sue you for damages and you will be liable even if your breach was unintentional and not negligent. You also face criminal prosecution, penalties and administrative fines for some breaches.
  3. Have we registered our Information Officer/s?
    You must register your Information Officer (“IO”) with the Information Regulator – go to the Regulator’s Online Portal for the online and PDF versions of the registration form, plus the email address for support enquiries and a link to the Search page. The IO is responsible (and liable) for all compliance duties, working with the Regulator, establishing procedures, and the like. You are automatically your business’ IO if you are its “Head” i.e., a sole trader, any partner in a partnership, or (in respect of a “juristic person” such as a company) the CEO, MD or “equivalent officer”. You can “duly authorise” another person in the business (management level or above) to act as IO and you can designate one or more employees (again management level or above) as “Deputy Information Officers”.
  4. Do we have a list of all personal information we hold, and how and why we hold it?
    Make a full list of all the personal information you hold/process, whether physically or in electronic form. Then evaluate it against the test that, to collect and “process” personal information lawfully, you need to be able to show that you are acting safely, lawfully, and reasonably in a manner that doesn’t infringe the data subject’s privacy.You must show that “given the purpose for which it is processed, it is adequate, relevant and not excessive”. Data can only be collected for a specific purpose related to your business activities and can only be retained so long as you legitimately need to (or are allowed to) keep it for that purpose.
  5. What security measures do we have in place?
    You must “secure the integrity and confidentiality of personal information in [your] possession or under [your] control by taking appropriate, reasonable technical and organisational measures to prevent … loss of, damage to or unauthorised destruction of personal information … and unlawful access to or processing of personal information.”You are at great risk of liability and penalties if you suffer any form of data breach from a risk that is “reasonably foreseeable” unless you can prove that you took steps to “establish and maintain appropriate safeguards” against those risks. If you haven’t already done so, brainstorm with your team all possible internal and external vulnerabilities (physical as well as electronic) and address them.
  6. Do third parties hold/process personal information for us?
    If third parties (“operators”), hold or process any personal information for you, they must act with your authority, treat the information as confidential, and have in place all the above security measures. Further restrictions apply if the third party is outside South Africa.
  7. Do we know what to do if we suffer a breach?
    Any actual or suspected breaches (called “security compromises” in POPIA) must be reported “as soon as reasonably possible” to both the Information Regulator and the data subject/s involved.
  8. Do we do any “direct marketing” and if so do we comply with all requirements?
    Most businesses don’t think of themselves as doing any “direct marketing”, but the definition is wide and includes “any approach” to a data subject “for the direct or indirect purpose of … promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject…”. So for example, emailing or WhatsApping your customers about a new product or a special offer will put you into that net.If your approach is by means of “any form of electronic communication, including automatic calling machines, facsimile machines, SMSs or e-mail”, you must observe strict limits. Whilst you can as a general proposition market existing customers/clients in respect of “similar products or services” (there are limits and recipients must be able to “opt-out” at any stage), potential new customers can only be marketed with their consent, i.e., on an “opt-in” basis. They can be approached only once for that consent so keep a record of everyone you have asked.
  9. Does our website use cookies and if so do we have a cookie notice and policy in place?
    As countries around the world ramp up their privacy laws, we will all see many more examples of “cookie notices” on websites we visit. You may wonder how your own website should be configured, and the short answer is that if it uses cookies (almost all do), POPIA very likely applies despite the fact that there is no specific mention of cookies in the current legislation. Bottom line – to be on the safe side, have a cookie notice and policy in place. Keep yours simple and user-friendly.
  10. Do we have a privacy policy and a POPIA manual in place?
    POPIA – unlike PAIA (the Promotion of Access to Information Act) – doesn’t require you to have a POPIA manual in place but in larger businesses it is certainly a good idea to prepare one.However you should certainly have a privacy policy in place. Make sure that everyone in your organisation is aware of it and of how critical it is to comply with it at all times.
  11. Is our staff team ready?
    Check that everyone in your business understands your compliance plan and their own individual roles and responsibilities in it. Make sure that nothing falls through the cracks – assign specific tasks to specific staff members.
Bodies Corporate and Homeowners Associations – how POPIA affects you

Bodies Corporate and Homeowners Associations (HOAs) fall into the POPIA compliance net and should be asking themselves the questions above.

In assessing what personal information you hold, how and why you hold it, and who you are sharing it with, remember to include not only scheme owners and HOA members but also your auditors, attorneys, managing agents, the CSOS (Community Schemes Ombud Service), security service providers and the like.

If you have gate security in the form of visitor registers, scanning of licence plates and driver’s licences and so on, be ready to address questions around having lawful reason for collection and retention of all the personal information you are gathering in this manner.

Disclaimer: The information provided herein should not be used or relied on as professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your professional adviser for specific and detailed advice.

© LawDotNews

Companies: Are Restraints of Trade Valid in a Time of Covid?

Companies: Are Restraints of Trade Valid in a Time of Covid?

“For him to be forced out of a career of choice to start working in a different field at a time when many businesses are closing down, retrenchments and lay-offs being commonplace and individual[s] doing everything possible to survive and cope with the health and economic devastating effects of the covid 19 pandemic, is plainly unreasonable and contrary to public policy and constitutional values” (extract from judgment below)

Consider this unhappy (but not unlikely) scenario: For whatever reason, you part ways with your fellow director/shareholder (or perhaps a key employee), who goes off immediately to join (or found) the opposition. 

Now you have a major problem – he/she was privy to all your trade secrets and confidential information and they are now being used to compete against you. Your business could be crippled.

Using the time-tested restraint of trade clause

An effective and time-tested way of protecting your business from such a risk is to insist on all directors, shareholders and key employees signing restraint of trade agreements from the start. Such restraints are usually included as clauses in employment contracts and/or (less commonly) in shareholder agreements. 

However, it is vital to word the restraint clause correctly if it is to stand up to legal scrutiny.  Although our law has long recognised the right of businesses to enforce this type of contract so as to protect their “proprietary and protectable interests”, and although in general we are held by the law to the agreements that we conclude, there is always a balance struck with the employee’s constitutional rights to be economically active and to earn a living.

As the High Court put it recently: “It is settled law that restraints of trade are valid and binding and, as a matter of principle, enforceable unless, and to the extent that, they are contrary to public policy because they impose an unreasonable restriction on the former employee’s freedom to trade or to work. It is also settled that the onus of establishing that the restraint of trade is unreasonable falls on the former employee.”

A common mistake – going “too wide”

The most common mistake businesses make is to word the restraint of trade too widely (in one or more of type of activity, geographical area or time period). No matter how tempting it may be to do so, that is courting disaster. The wider the clause is, the greater the chances of a court holding it either totally invalid or only partially enforceable. Rather word your clauses tightly and defensibly.

Two recent High Court decisions illustrate both this principle, and the potential impact of the Covid-19 pandemic on our courts’ approach to the questions of reasonableness and time periods.

The impact of the pandemic on the “reasonableness” test
  • A director, shareholder and employee of a company specialising in media and advertising solutions resigned as both director and employee after a breakdown in relations, the company owing him R1.2m in short-paid salary. He however retained his shareholding. 
  • He was subject to restraints of trade (in both his employment and shareholder agreements) which prohibited him from working for a competitor, and from sharing confidential information and trade secrets with them, for 18 months in any of 29 African countries.
  • He nevertheless joined a direct competitor (active in 2 of the 29 African countries) and acted in breach of the restraint by contacting customers and business associates. When sued in the High Court for enforcement of the restraint clauses, his main defence was that they were unreasonable and prevented him from earning a living.
  • The Court confirmed the need to consider all the relevant circumstances, not only at the time a restraint is entered into, but also at the time that the business tries to enforce its restraint. In this case, the company’s attempts at enforcement encompassed the period March to July 2020 – a time of strict lockdowns and economic turmoil.
  • The upshot – the Court rejected the company’s suggestion that the ex-director could remain economically active in another field for which he was qualified, commenting: “For him to be forced out of a career of choice to start working in a different field at a time when many businesses are closing down, retrenchments and lay-offs being commonplace and individual[s] doing everything possible to survive and cope with the health and economic devastating effects of the Covid-19 pandemic, is plainly unreasonable and contrary to public policy and constitutional values”. The restraints were rejected as unenforceable.
The impact of the pandemic on time periods 

Another recent High Court decision saw the Court reducing a 2-year restraint, on sales employees who resigned in March and April 2020 respectively, to 14 months. 

In doing so the Court took what it considered to be a reasonable base period in the circumstances of 12 months and added 2 months “to compensate for the lockdown period”, also commenting that “…I am aware that our society is living in strange times. The COVID-19 pandemic has played havoc with, inter alia, our economy. Businesses have been prevented from operating and the ability of the applicants to appoint and train new salespersons will undoubtedly have been blunted by the state of the economy. This is of some relevance when considering the length of the period of restraint…”.  

So – are restraints of trade valid in times of pandemic and upheaval?

Neither decision means that restraints are necessarily unenforceable or only partially enforceable during times of economic turmoil and high unemployment. Each case will be decided on its own merits, but in assessing whether your own restraint clauses will be considered reasonable and enforceable, they are clearly factors to be borne in mind.

You have Successfully Subscribed!