Latest Industry News.


As you may recall I wrote an article on indemnities a couple of years ago dealing with the indemnity/waiver concept from the perspective of the Consumer Protection Act (‘CPA’). It dealt inter alia with the content of your indemnity and signage and the adjustments you’d have to make to align your business with the CPA.  

Since the CPA came to fruition almost 10 years ago, I have advised almost 300 businesses on this issue and, as with life and business in general, you are perpetually on a learning curve. I would like to share with you what I’ve learnt in the process over the last couple of years and the impact on my aforementioned article.

The key issue is whether or not you really need an indemnity and what to do if your indemnity fails/is not upheld in a dispute. Clearly there is always the possibility that the latter may occur and given that very real possibility, what steps should you take?

The indemnity is only one card in your hand of risk identification and management tools. As my saying goes: ‘Life is like a card game: it is not the cards you’ve been dealt, it is how you play them’. So let’s see which cards comprise your ‘risk hand’ and how to manage that.

Here they are, but please note that they are not listed in order of importance:

  • Common law i.e. setting aside for the moment your T&C and indemnity (form and signage)
  • Customer briefing
  • Voluntary acceptance of risk (Volenti non fit injuria)
  • Managing your risk on the ground/at the coal face
  • Terms and conditions (‘T&C’)
  • Indemnity: form and signage
  • Insurance

The common law is effectively the principles that apply in lieu of a contract arrangement, whether explicit (Discussed and signed) or implied/implicit (Referred to in your e-mail, booking form etc). A well-known and well publicized principle is the ‘duty of care‘ i.e. the degree of care you need to afford your customers to avoid liability in the case of a potential claim. I’ve written extensively on this subject and space does not allow me to elaborate save to say that indirectly certain aspects will be addressed in the rest of this article.

The customer briefing can and should ideally not be limited to what transpires on arrival of your customers. The reason for this observation is that the information conveyed may require preliminary steps by the customer which, if conveyed upon arrival, cannot be carried out. This includes e.g. malaria (& other) prophylactics, medical check-ups, getting in shape for strenuous activities and more mundane yet crucial issues such as visas. Thus it is not only preferable to carry out this briefing as early as possible in the booking process, but also upon confirmation and upon arrival. It is recommended that this not be done ad lib but that the presenter has a checklist.

Risk can only be accepted if done voluntarily AND if the person accepting the risk has been adequately and timeously informed! The customer briefing clearly plays a key role as the supplier endeavours to shift the issue of liability and burden of proof. The role of the Consumer Protection Act, act #68 of 2008 (‘the CPA‘) is crucial and in this regard the following aspects of specifically section 49 (‘Notice required …. T&C’) are worth noting if not repeating:

  • The reason this clause requires notification to the customer is stated right at the end i.e. to give the customer an ‘adequate opportunity to receive and comprehend’ the impact of the notice, hence my comments of timing of the customer briefing
  • Timing is specifically addressed i.e. the notification must be the EARLIEST of the following: when the customer (1) enters into the transaction; (2) engages in the activity; (3) enters/gains access to the facility; (4) makes payment – thus e.g. no rushed, last-minute circulation of an indemnity on a clipboard as a game drive is about to take place!
  • The manner in which it must be done is also crucial and this includes ‘plain language’ (as defined in section 22) and ‘conspicuous’ and ‘likely to attract the attention of an ordinarily alert consumer’ – beware hidden signage, small print etc. AND it is preferable to obtain the customer’s signature rather than a simple nod of the head as inter alia a misperception may later be raised (which the supplier is bound to resolve – to be read with section 41)
  • The topics to be addressed include:

      – Limitation/acceptance/assumption of risk/liability
      – Anything of an ‘unusual character or nature’ that may be encountered or participated in and which the customer is ‘not reasonably expected to be aware of or notice’ OR that may result in ‘serious injury or death’ (Adventure tourism here we come!)

Most of the above are aspects to be addressed and managed ‘at the coal face’, but what is important is what you do and how you do it. This includes clear signage upon arrival and in your rooms/tents, briefing upon arrival, care taken with e.g. slippery surfaces and unfenced pools, staff training, first aid and evacuation.

T&C are often not dealt with properly. Again I’ve written detailed articles about why these are important. Over and above dealing with T&C  in the context of section 49 of the CPA as illustrated above, here are some of the reasons you need proper T&C which must be accepted by the customer:

  • Limitation of liability
  • Extraneous but very problematic aspects such as visas
  • Jurisdiction
  • Applicable law
  • Interest on late/non-payments
  • Legal fees
  • Exclusion of promises, perceptions, advertising etc
  • Capacity/authority to accept the T&C

As with some of the topics above, I have written many articles and presented talks on indemnities and signage – again section 49 of the CPA is crucial. The very common observation about indemnities, ‘It is not worth the paper it’s been written on’, definitely is not without merit BUT that depends on how it has been worded and managed.

Finally there’s insurance. It is important to note that it is a crucial part of the ‘7 Tiers’ and not mutually exclusive to any of the above and in fact the better you deal with the other 6 issues, the more likely you are to obtain insurance at all, be in a position to negotiate lower premiums and high deductibles thus making the entire risk management per my ‘7 Tiers’ worth your while!           

October 09 2019                



Social Media & Defamation. TREAD WARILY.

 As we are all no doubt quite aware, social media has to a large extent become the medium of choice not only to publicize and disseminate information but also to glean information. Due to the ubiquitous nature of the social media and the fact that any information communicated via this medium is instantaneously shared across the globe, the impact of such content is much greater, whether positive or negative.

The latter is the issue I will be addressing in this and subsequent publications. Before I continue I need to make sure we are ‘on the same page’ so let’s look at what we understand by/what is the definition of defamation and social media respectively:            



Wikipedia: Defamation is the infringement of one’s fama (Reputation or good name) i.e. the unlawful and intentional publication of defamatory matter (by words or by conduct or even a sketch/caricature/depiction) referring to the plaintiff, which causes his reputation to be impaired

The Law of Delict, McKerron: The publication of defamatory matter concerning another without lawful justification or excuse.

It can even include ‘body language or hand gestures’ (Abrahams & Gross)

The English differentiation between ‘libel’ (written) and ‘slander’ (spoken) forms of defamation is not part of our law – in South African law defamation refers to statements in any format that damage a person’s reputation.

Social Media: Social media is the collective of online communications channels dedicated to community-based input, interaction, content-sharing and collaboration. Websites and applications dedicated to forums, microblogging, social networking, social bookmarking, social curation, and wikis are among the different types of social media.

Merriam-Webster: forms of electronic communication (as websites for social networking and microblogging) through which users create online communities to share information, ideas, personal messages, and other content (as videos)

Some of the better known & more regularly used social media are Google, Facebook, Twitter and Instagram.


There are the rules/terms and conditions pertaining to each form of social media that users undertake to comply with once they engage that medium and then there are the laws of the country and the common law. However before we even consider any of the aforementioned guidelines there is the code of conduct (‘COC’) governing the membership of the association you are a member of: FGASA has a comprehensive COC and the following aspects impact on the use of social media – members undertake the following and the transgression thereof has dire consequences:

  • Compliance with the constitution and laws
  • Treat people with respect
  • Avoid insensitive and irresponsible behaviour
  • Be tactful

The South African Constitution enshrines freedom of expression (section 16) but this must be balanced (by the courts) with the right to maintain one’s reputation and dignity unblemished and that of privacy (section 14). See the case of Dawood and Another v Minister of Home Affairs and Others 2000 (3) SA 936 (CC): ‘Dignitas concerns the individual’s own sense of self worth, but included in the concept are a variety of personal rights including, for example, privacy’. See also the case of Herholdt v Wills: “Facebook is fraught with dangers especially in the field of privacy” and therefore the Court agreed that by intervening it may have a positive effect on the use of Facebook. The Court stated that “the tensions between every human being’s constitutionally enshrined rights to freedom of expression and dignitas is all about balance.”

More about this & the T&C of other forms of social media (e.g. Facebook & Twitter) in future issues

Copyright Adv Louis Nel t/a louis-THE-lawyer

June 06 2019

DISCLAIMER – Each case depends on its own facts & merits – the above does not constitute advice – independent advice should be obtained in all instances

LEGAL ADVICE CLUB – You can obtain specialized tourism advice from Louis (37 years in tourism) on an ad hoc basis or by joining his legal advice club in which event the fee for the 1st hour is only R700,00




Before I deal with the terms & conditions (‘T&C’) of e.g. Facebook, I think we need to get to grips with defamation. To do so we need to ‘unpack’ the definition I used in the first article and, before we get to potential damages (claims) and then the defences, investigate what the party who alleges to have been defamed (the Plaintiff) has to prove (vis-à-vis the Defendant).

At a meeting of industry professionals I recently attended the issue of defamation was discussed and what was scary was the misconceptions bandied about: not only about what constitutes defamation but what the defences are, so here we go!

If a party (‘A’ – plaintiff) alleges he/she has been defamed by another party (‘B’ – defendant), A has to prove the following: (1) the statement must refer to A; (2) there must be publication/communication to a third party; (3) B must have (had) the intention to defame A; (4) the statement must be wrongful; (5) the content as such must be defamatory; (6) the causal connection (nexus) between the statement and the damages; (7) damages (quantum) e.g. loss of customers and the financial implications.

So let’s look at each of these SIX requirements that the party who alleges to have been defamed (A) must prove:

The first requirement, that the statement must refer to A, means that the so-called reasonable person, when he or she hears the verbal or reads the written communication, must know it is about or refers to the person allegedly defamed. It does not have to refer to that person by name – it can refer to that person by implication/innuendo. The test the courts will apply is an objective one.

This is highly relevant to statements about a group or sector that may by inference include the plaintiff – if the group is ‘too large and diffuse’, the plaintiff may not succeed.

The second requirement, publication/communication to a third party, means the allegedly defamatory statement must be communicated by the defendant (B) to a third party and not only to the party who alleges to have been defamed (A) i.e. uttered verbally directly to a third party, or spoken so loudly to A that it is inevitable that the third party(ies) would hear it, or published in print media (e.g. newspaper, newsletter), in an e-mail copied to various parties or that may inadvertently reach non-intended party(ies), or on any form of social media. This means the recipient must know or deduce that the person mentioned, referred or alluded to is A. Thus it has been held that ‘publication need not be intentional – a person may be held liable even for the unwitting dissemination of defamatory matter’ (McKerron 185). It means you have to be extremely careful not only about what you say but who you say it to, who you share it with and how you share it e.g. marked as ‘private, confidential and for the recipients’ information only’.

“Publish” means almost any form of communication. It could be a spoken or written allegation or even a non-verbal statement like an image that’s communicated to at least one person apart from the plaintiff. Something is considered to be published not only by the person who originated it, but also by anyone who subsequently repeats it. Clearly, the liability for defamation is potentially very wide, a scope that reflects the law’s investment in human dignity and reputation in particular.
The allegation that someone is a rapist is undoubtedly defamatory in law. Both the people who originated it and those who shared or retweeted it are potentially liable.

You may have heard the terms ‘libel’ & ‘slander’ – some countries (but NOT South Africa) still differentiate between these two forms of defamation i.e.:

• ‘Libel’ is defamatory statements and/or pictures published in print or writing; or broadcast in the media, such as over the radio, on TV or in film

• ‘Slander’ is an oral defamatory statement.

The test is objective and as stated in the first insert even ‘body language or hand gestures’ can constitute publication (Abrahams & Gross)!!

Here’s a drastic example: Maung Saungkha is a poet turned activist who served prison time over a satirical poem he posted on Facebook in 2015. ‘He posted a satirical poem on Facebook two years ago that was deemed by a court to be an insult to the president of Myanmar. The poem named no names, but it colorfully implied that Saungkha has a tattoo of the president on his penis. He was arrested and hauled off to prison, where he served six months for criminal defamation’.

More about the elements that comprise proof of defamation namely the balance of the SIX requirements i.e. intention & wrongfulness in the next insert and then we’ll move onto defences.

Copyright Adv Louis Nel t/a louis-THE-lawyer
June 06 2019



European Community ('EC') General Data Protection Regulation ('GDPR')

There has been much hullabaloo about the GDPR of late – is the noise justified and where does the South African Protection of Personal Information Act (‘POPIA’) fit into the picture?  

Before you carry on reading and reach out for a cup of coffee (or something stronger!) to clarify the confusion and complexity, let’s make one or two things quite clear:

  • The GDPR is the first comprehensive review of privacy legislation in the EC for 20 years
  • It has in fact been around for 2 years. It came into effect May 24 2016 – May 25th 2018 is simply the expiration of the 2 year grace period provided for (Similar to our Consumer Protection Act (‘CPA’) and POPIA)
  • It applies to all entities wherever they are in the world that provide goods and services to any consumer who resides in any of the 28 EC member states
  • Given the more pervasive nature of the GDPR, it is recommended that it be used as a standard rather than POPIA (see ‘aims’ below)
  • You will see references to ‘Privacy Shield’ (formerly ‘Safe Harbor’) – this only applies to data exchanges between the EC and the USA            

So as an opener and to ease your mind let’s look at some of the key similarities and then some of the key differences between the GDPR and POPIA:   


Key similarities:

  • ‘Data Subject’ is described more broadly e.g. a person who can be identified by an ‘identifier’ such as user name or web cookie – this appears in POPIA where it refers to ‘personal information’ as including such an ‘online identifier’ (Read with definition of ‘unique identifier’)
  • ‘Personal Information’ is called ‘Personal Data’
  • The POPIA ‘Responsible Person’ (one who ‘determines the purpose of processing’) is called a ‘Controller’
  • The aforesaid role is extended to a so-called ‘Processor’ i.e. an entity/person that processes personal data on behalf of the controller e.g. a developer or analyst, referred to in POPIA as an ‘Operator’
  • The POPIA ‘Information Officer’ is called a ‘Data Protection Officer’ BUT the definition stipulates that such a person must have ‘an extensive knowledge of data privacy laws and standards’
  • As with POPIA ‘consent’ is not required in the case of a ‘lawful basis’ (Section 11 (1) (c) & (e)) or ‘legitimate interest’ (Section 11 (1) (d) & (f))
  • It is not stated in POPIA but as you may know from my previous articles, I am of the view that the POPIA Information Officer (GDPR ‘Data Protection Officer’*) can be an external or internal appointment – the following aspects of the GDPR may be a useful guideline for an internal appointment: ensure there is no conflict of interest e.g. a financial director as opposed to the IT director or manager. Additional guidelines appear in the definition* i.e. legal, security or accounting background and knowledge of privacy.                   


Key differences:

  • ‘Data Subject’ does NOT include legal entities (juristic persons) e.g. companies – only natural persons can rely on the protection of POPIA

  • The fines are materially higher i.e. the greater of 4% of the entity’s global annual revenue or €20 million – compare with the POPIA R10 million. However during the period 2016/’17 of the 17300 cases investigated in the EU, only 16 fines were imposed and the highest was £500 000, 00 and this was because the breach impacted 3 million people!
  • The Data Protection Officer is only required for public authorities
  • So-called ‘smaller firms’ i.e. less than 250 employees do not have to comply with certain GDPR requirements (See list in GDPR) but they must keep a record of processing if there is ‘a risk to the rights and freedoms of the Data Subject’
  • Data breaches must be conveyed to the authorities and affected consumer within 72 hours – POPIA states ‘.. as soon as reasonably possible… ‘ (Section 22 (2))  

Now let’s briefly discuss the aims of the GDPR which, whilst aligned with POPIA, is worth considering in more detail:

  • Assess security and privacy risks by means of a data protection impact assessment i.e. identify when processing may result in risks to data – what is required is a ‘systematic and extensive evaluation of the organisation’s processes and what safeguards it has’
  • The assessment should address the origin, nature, likelihood and severity of such risks
  • Business must show that it has implemented strategies not only to identify and pre-empt risk but also to manage and mitigate same.
  • Preventative measures can include encryption and controlling privileges of users – ideally it should be impossible to tamper with and/or destroy data (See POPIA section 19)
  • Regular audits of data must be carried out and monitoring must be of such a nature as to detect breaches as early as possible
  • It is imperative that security applies to the entire life cycle of data
  • Incident response must be swift as it will impact on customers, brand & share value : engage lawyers, PR, insurance and the authorities

The IBM report suggests that you look at the half full rather than the half empty glass and ‘Go Beyond Compliance’:

  • Cost benefit approach: in depth analysis of data processed and stored – if possible discard data that does not add value
  • Make privacy part of corporate culture – it may well be a good idea to incorporate it in your corporate social responsibility policy, both from an ethical and moral perspective
  • ‘Leverage privacy to drive superior customer experience’ – doing so may give you a competitive advantage, promote transparency, trust and brand resilience.

I hereby wish to acknowledge the copyright of the following websites from where I obtained the bulk of the above information and quoted content:;; Forrester Research 



MAY 14 2018
