Picture source: Getty/iStock
Mulalo Tshililo’s article ‘Liability of a legal practitioner through the lens of a lay person’ 2024 (Nov) DR 42 warrants a reply. The article focusses on the Supreme Court of Appeal’s (SCA) judgment in Edward Nathan Sonnenberg Inc v Hawarden 2024 (5) SA 9 (SCA) (the ENS case). An informative note on that judgment is also included under the delict topic in the article on law reports in the same edition (G Pienaar, J Mendelsohn, J Botha and S Pietersen ‘The Law Reports’ 2024 (Nov) DR 38).
The test for liability of legal practitioners in either contract, delict or arising from a breach of a fiduciary is long established in South African law. For an edifying examination of this topic see, for example, chapters 4 and 5 of the scholarly work, The Legal Profession in South Africa: History, Liability and Regulation (Cape Town: Juta 2021), authored by Professor Bernard Wessels. In most cases, the party alleging liability on part of a legal practitioner is a lay person, whether as a former client of the firm concerned or some other party affected by the legal practitioners alleged acts or omissions. To succeed, the plaintiff, lay person or otherwise, must prove all the elements of the cause of action pleaded against the legal practitioner. The elements of each cause of action are also a matter of settled law. The principles of liability for other professions, for example medical practitioners, are also set out in South African law and apply equally to all claimants, lay persons or otherwise.
Principles of liability cannot, in my respectful view, be adjusted to suit one class of claimants against legal practitioners. Would different principles then be developed in the determination of liability for other professions such as accountants, auditors, tax or financial advisers who also render professional services, in some instances akin to the advice provided by legal practitioners? Lay persons are represented by qualified legal practitioners in most actions brought against other legal practitioners. The point of a lay person instructing a legal expert is that the latter’s expertise will be applied to ensure that the claimant’s rights, if any, to compensation are properly pursued.
Whether a plaintiff is a lay person in any field is a factual, not a legal, matter. I am not aware of a common law definition of a lay person. In every case involving alleged liability of a legal practitioner by a natural person, the personal circumstances of the plaintiff (lay person or not) are pleaded and covered in the evidence adduced in court. That evidence may be relevant in the consideration of either the mandate, liability or even the quantum claimed.
Ms Tshililo’s proposal that the ‘common law should be developed to include a definition of a lay person and such person’s qualifications’ thus does not, in my respectful view, have a basis in fact or existing common law warranting development. If a person has qualifications in a particular discipline, they cannot then be said to be lay persons. Will an exhaustive checklist be applied in each case? Will there be a scale with varying degrees of inclusion in, or exclusion from, the proposed definition of a lay person? Will the proposed development only apply to cases involving the liability of legal practitioners or to all cases? Developing a definition of a lay person as proposed in the article will not assist in attaching liability to law firms for cybercrime or other losses where none would otherwise exist.
My view in respect of what is stated in the last line of the article under reply is that the assessment whether a legal practitioner has acted negligently (presumably in a case framed in delict) is assessed by considering whether the elements of the alleged delict have been proven. All the elements either exist contemporaneously or one or more may not be present, irrespective of whether the plaintiff is a lay person or not. The test for assessing negligence on the part of legal practitioners is also a matter of settled law (see Wessels (op cit) at 226-234 and the authorities cited there).
The question regarding the liability of a conveyancer posed in the opening paragraph of Ms Tshililo’s article has also been addressed by the courts on several occasions, including the SCA’s examination of this question in Margalit v Standard Bank of South Africa Ltd and Another 2013 (2) SA 466 (SCA) at 473A-474E.
Ms Hawarden, the respondent in appeal before the SCA, was the plaintiff in the court a quo. The article under reply quotes a passage from the ENS case where the SCA (at 15B-D) summarised the respondent’s cause of action. For ease of reference, I repeat the quote:
‘[13] Ms Hawarden pleaded further that the reasonableness of imposing a legal duty on ENS and to hold it liable for the damages suffered by her in breach thereof is supported by the following considerations of public and legal policy, in accordance with constitutional norms. That ENS is a large, sophisticated firm of attorneys compared to Ms Hawarden, who is an elderly divorced pensioner without the knowledge, experience or resources to protect herself against sophisticated cybercrime, of which she had no knowledge or experience.’
The article then goes on to incorrectly, with respect, describe to the quoted passage as a ‘defence’. As stated, Ms Hawarden was the plaintiff, not defendant, in the action in the court a quo. She would thus not have put up a defence. A defence is pleaded by a defendant in its plea and evidence led thereon at the trial. A plaintiff pleads a cause of action, not a defence. In several parts of the article, Ms Tshililo, incorrectly with respect, refers to a ‘defence’ in reference to scenarios she postulates about lay persons as plaintiffs. The other scenarios referred to in the article relate to knowledge of a pre-ligation notification prescribed by the Institution of Legal Proceedings Against Certain Organs of State Act 40 of 2002 and does not apply to actions against legal practitioners in private practice. Section 12(3) of the Prescription Act 68 of 1969 addresses the rest of the prescription points raised. That point has also been addressed in several cases, including Links v Department of Health, Northern Province 2016 (4) SA 414 (CC). Initiating a diligent investigation as early as possible will enable any party (lay person or otherwise) to establish the facts on which an alleged debt arises and assist in overcoming the requirements of s 12(3) of the Prescription Act.
The article under reply states that ‘[cybercrime] is not a matter of law; it is a global pandemic.’ While being a global pandemic, cybercrime is certainly a matter of law in several respects. As the name suggests, this is a form of crime that has criminal law implications. In South Africa, several pieces of legislation, including the Cybercrimes Act 19 of 2020, are aimed at addressing the scourge of cybercrime. Victims of cybercrime who suffer financial losses may institute legal proceedings against the responsible parties for compensation. The legal proceedings may, for example, be framed in contract, delict, a breach of a fiduciary duty owed or even as applications for interdicts. Employees implicated in cybercrime, in breach of the terms of their employment, risk facing the employment law consequences of their actions. The repository of South African judgments is replete with cases involving cybercrime in general, and business e-mail compromise (BEC) in particular. There are various products offered by the insurance industry as risk transfer measures for cybercrime related losses. Principles of liability and insurance law, respectively, have developed in response thereto. The law has had to develop in response to the cybercrime pandemic. I thus, with respect, disagree that cybercrime is not a matter of law. It affects various areas of the law.
Cybercrime does not only affect law firms. Anyone using the Internet and technology is at risk of falling victim to cybercrime. The ENS case concerned a loss caused by BEC. This is just one type of modus operandi employed by perpetrators of cybercrime. The breach in that case occurred in the respondent’s environment, not on the side of the law firm (12E-F). My point is that all users (including lay persons) of electronic means of communication and conducting financial transactions must have a heightened awareness of cyber risks.
Several recent cases show the prevalence of cybercrime in general, and BEC in particular, for all types of businesses and lay persons, not just law firms. Regard can be had to the following cybercrime related judgments delivered in 2024:
In order to demonstrate the risk of cybercrime to people outside of the legal profession, and lay persons in general, I have omitted cases involving legal practitioners from the list above.
In so far as the prevalence of cybercrime is concerned, Bhoopchand AJ observed in Movienet Networks (Pty) Ltd that:
‘1. The scourge of cybercrime continues unabated. E-mails are especially susceptible to its expanding tentacles. Cybercriminals can target e-mails at the point of posting, the point of receipt, or in transit. Recognised methods of attack are phishing and spear phishing. In phishing attacks, the cybercriminals craft a deceptive e-mail and send it out widely, hoping to lure unsuspecting victims. In spear phishing attacks, cybercriminals target specific individuals.
The SCA confined itself to considering ‘whether or not Ms Hawarden has in particular established the wrongfulness element for a delictual claim arising out of an omission causing pure economic loss’ (at 15H-I) and, overturning the decision of the court a quo, found against her in that respect. The existence or not of a fiduciary duty was not before the court. It is unclear from the article under reply where the references to fiduciary duties are drawn from or how they purportedly relate to the SCA’s ratio decidendi.
The liability of a legal practitioner must be considered against the already established principles of South African law. Lowering the threshold for liability will, in my view, open the floodgates of liability for the profession and risks the ‘real danger of indeterminate liability’ (ENS case at 17J). The proposal in the conclusion of Ms Tshililo’s article is thus, with respect, impractical and open to legal challenge.
Tackling the scourge of cybercrime requires a multi-pronged approach by all stakeholders to raise awareness of its prevalence, highlight the various types of modus operandi used by perpetrators and educate everyone on the measures that can be implemented to mitigate this risk. The law enforcement and prosecution authorities must make the prosecution of perpetrators a priority. That multi-pronged approach will, in my opinion, go further in addressing the scourge of cybercrime than one which seeks to extend the net of liability of legal practitioners.
Ms Hawarden has applied to the Constitutional Court for leave to appeal the SCA’s decision. The apex court has not decided yet whether it will grant the leave to appeal sought.
Thomas Harban BA LLB (Wits) is the General Manager of the Legal Practitioners Indemnity Insurance Fund NPC in Centurion.
This article was first published in De Rebus in 2025 (April) DR 12.
