Thank you for contributions so far and apologies that I could not come in earlier, I had shortage of the other data :)
It seems that, like with many other aspects of our society, there are those who are far ahead in appreciating the role of data in present and future economies and therefore, they are collecting as much as possible even where the purposes are not immediately clear. A good example is government systems as pointed out by Indeje and private systems as shown on Mariga's Twitter thread example.

On the other hand, there are those who have little or no knowledge of the implications of data processing. And so as pointed out by Ali and William, data processing activities can be couched in political narratives and tied to national security without proper safeguards for the security of the data.

To add on to Gideon's points, why should we have data security in the first place? Is it primarily to protect the data economy or should we also have conversations about how data is changing our personhood and to what extent we need to center data protection frameworks around the person?

Being that we are a nascent data economy, are there good practices that we have already seen and should encourage? For example, after banks have suffered data attacks,have they developed better data security standards? (this is clickbait for Barrack who is more knowledgeable on standards)

@ Mariga, by the way, through the Private Security Regulation Act, private security providers are expected to protect data they collect and only use it for limited purposes of identification (section 48), collection of MPesa data is also regulated under the communications act, just like health info is also regulated. So how come there are still glaring data security problems even with regulation? What could be done better?

As we answer these questions, let us also attempt to give proposals that could be incorporated in upcoming frameworks like data protection bills that are being prepared/debated in Parliament. One specific issues that we could talk about is how to get redress for data security issues like unlawful processing of data, protection from automated decisions and breaches to data. Should these be dealt with under criminal law, administrative fines (an authority fining the party on the wrong) or civil court (where those whose data has been breached sue)?

2018-07-11 12:46 GMT+03:00 william mathenge via kictanet <kictanet@lists.kictanet.or.ke>:

Hi listers,

Amazing insights being shared so far and one can only be grateful.

Are our existing mechanisms for mitigation and response to incidences adequate for emerging threats?
At the moment the mechanisms cannot be stated to be adequate, if anything, we are vulnerable more than ever without the proverbial 'Data Protection Legislation' to profiling and all other forms of proliferation of personal data. The extent of this proliferation cannot be understated as was seen in the link below.
http://kenyalaw.org/caselaw/cases/view/151117/
The Computer Misuse and CyberCrimes Bill is majorly unconstitutional and the Political agenda in enacting it was quite distinct.

Do we have positive cases or good practices to imitate?
Since we cannot rely on the Soft Infrastructure that has been cited, data minimalism is an effective initiative we can undertake as a means of individual security measures. Kind of taking the law into your own hands only now you'd be taking your data into your own hands.
Data minimalism is however moot without sufficient sensitization from the earliest age possible on the need to limit the amount of personal data divulged online.
So to achieve adequate data security in the existing cyberspace, outreach and sensitization programmes on the need for data minimalism would best fit tackling the challenges to personal data security.

What challenges that remain and how can we address them?
Again sensitization on Privacy and what Data one provides while scrolling, liking, commenting and generally using social media platforms would go a long way. The implications of filling online forms and/or linking third party users to online accounts that store our personal data are vast and unprecedented in a negative way. Access to the internet grows faster and deeper by the day and little or no consumer education is provided on the dynamics of accessing it such as Data.
We can do better, ought to do better to ensure we thrive in a data driven economy.

Kind Regards,
William (LL.B)

On Wed, Jul 11, 2018 at 8:00 AM Grace Bomu via kictanet <kictanet@lists.kictanet.or.ke> wrote:
Listers,
Thank you to all who contributed to yesterday's topic. The thread is still open for those who may have further thoughts on content regulation.
Welcome to Day 2 of online pre KIGF debates where out topic today is Strengthening Data Security in the Context of Emerging Trends. We shall look at cybersecurity in the context of data.

Barely a few weeks ago, social media was awash with memes of Wazir Boniface Chacha, the young man alleged to have conned MPs after getting access to their phone data. Later when this was used as a justification in debates for the Cybercrime Act, some wondered whether the political process had used the Chacha saga to justify the quick passage of a law creating offences.

But beyond "small data" in our personal possession, many SMEs , corporations, institutions, societies and other bodies are holding significant amounts of data.
In this community, the wider issue of cyber security has been a recurring theme in KIGF. It is generally agreed that the best approach is a multi-pronged one that includes the law, good practices, effective mitigation and response to incidences at multiple levels, creation of awareness and technical solutions among others. Having gotten a new law in the form of the Cybercrimes Act, are we assured of data security?
Are our existing mechanisms for mitigation and response to incidences adequate for emerging threats?
Do we have positive cases or good practices to imitate?
What challenges that remain and how can we address them?

Welcome to the discussion.

--
Grace Mutung'u
Skype: gracebomu
@Bomu
PGP ID : 0x33A3450F

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/willbill.mathenge%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/nmutungu%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

Grace Mutung'u
Skype: gracebomu
@Bomu
PGP ID : 0x33A3450F