The government is making concerted efforts to protect citizen’s data from cyber threats such as malware. According to a recent Serianu report, there has been an increase in cybercrimes in the country by 40% between 2015 and 2017. The report also shows that Kenya lost 15.1 shillings in 2015 and in 2017, the amount rose to 21.1 billion shillings. It is against this that the principal secretary for ICT and innovation Jerome Ochieng says that the government is now forging solutions and strategies to curb the vice. He made these remarks at the national cybersecurity conference currently being held at Safari park hotel.
Even as the government promises this, what stands out is that parliament has yet to enact the data protection bill 2018.
Once enacted, the bill will give effect to article 31(c) and Article 31(d) of the constitution of Kenya 2010, which guarantees the right of every person not to have “information relating to their family or private affairs unnecessarily required or revealed” and the right not to have “the privacy of their communications infringed”.
In keeping with article 24 (1) of the constitution, the bill provides that the right to privacy will be limited for the following purposes: protection of national security and public interest, prosecution of a crime, protection of the rights of others and for compliance with an obligation imposed by law.
The bill follows the path taken by the European Union in enacting the general data protection regulation (“the GDPR”) in May 2018 and makes Kenya the second country in East Africa after Rwanda to have legislation dedicated to data protection.
At a time when user information is increasingly at risk from hackers, the bill will hold entities and persons responsible for data breaches. The recent Facebook data breach that affected 87 million users is a good example of how important it is to protect user information and the implications such data breaches can have on a business.
The bill will complement computer misuse and cybercrime act, which protects Kenyans against cyber infiltration, interference, and unauthorized access. This law provides for a fine of up to Khs.20 million or a ten-year jail term in an effort to curb cyber-criminal activities.
Are we leaving a huge hole unresolved as we chat ways of protecting our data when a strong framework in the data protection bill lays neglected?
