Yes, sharing passwords in South Africa is illegal under most circumstances unless explicitly permitted by law or contractual agreement.
The Electronic Communications and Transactions Act 25 of 2002 (ECTA) criminalizes unauthorized access to computer systems, while the Protection of Personal Information Act 4 of 2013 (POPIA) restricts sharing credentials that expose personal data. The Cybercrimes Act 19 of 2020 further penalizes password misuse, with fines up to R50,000 or imprisonment. Employers and service providers may impose additional restrictions via internal policies or terms of service, which POPIA enforces as binding contractual obligations. A 2026 amendment to ECTA is expected to tighten penalties for credential-sharing in corporate environments.
Key Regulations for Sharing Passwords in South Africa
- ECTA (Section 86): Prohibits unauthorized access to computer systems, including password sharing that facilitates such access. Violations carry penalties of up to R10,000 or 12 months imprisonment per offense.
- POPIA (Section 22): Mandates that personal information may only be processed with consent or a lawful basis. Sharing passwords that expose such data constitutes a breach of conditions for lawful processing, triggering enforcement by the Information Regulator (SA).
- Cybercrimes Act (Section 2):
- Criminalizes the unlawful interception of data via shared credentials.
- Imposes mandatory reporting obligations on organizations if credential-sharing leads to data breaches, with non-compliance risking administrative fines up to R10 million.