Ms.Esther, We need to specify, amend or enact at least 3 laws in Kenya... (i) Data protection - includes privacy clauses but also covers "data residency" - general situations when/where data must be resident in Kenya or East Africa. This is to encourage data center development in our region. Also to ensure we are not held hostage by evil, local and foreign actors. A Kenyan firm may be allowed to host data in Mauritius, but a go.ke body only back-ups. For emergency services, it may be specified, data servers, MUST be hosted locally + backed up across borders, within East Africa. (ii) Privacy law - specific to privacy, but includes data (e.g. password) protection clauses. No need to travel to Canada to copy their Laws :) http://www.servercloudcanada.com/2015/09/canadian-privacy-laws-canadian-clou... (iii) "Access to information" law may be amended if it does not interpret "Access" as either "Electronic" or "Physical". For example, Go.Ke data/servers (electronic access) should be accessible by persons within Kenya where there is no IP or GSM network connection. Please follow up and keep us posted. SMM *"Better a patient person than a warrior, one with self-control than one who takes a city." Prov 16:32* On Tue, Feb 7, 2017 at 9:35 PM, esther kamande via kictanet < [email protected]> wrote:
The *current Data Protection Bill 2013 section 17 (b)* waters down the provisions regarding misuse of information in section 16 by allowing use of personal data for commercial purposes without obtaining consent as long as it is allowed by *any other law*. This clause provides a loophole that can be exploited to evade the principles provided for in section 4. Furthermore, *t**here is no provision prohibiting supply and sale of i.e electoral registers, registration of persons records* for political and commercial purposes having regard to the nature of the data contained in the registers, including in particular that it is personal data compulsorily obtained for the specific purpose of enabling Kenyans transact and qualifying electors to vote.
The current Data Protection Bill 2013 offers no solid protection to the data subject and doesn’t reflect the current best practices globally. With the current Bill, data subjects remain at the mercy of the data processors and controllers (agencies) as the legal burden/responsibility the act imposes on the authorized users is not sufficient .
There is an urgent need to revise the current draft to address some of these issues that we are currently experiencing.
Further reference: https://wbilaw.wordpress.com/ 2016/07/30/data-protection-bill-kenya-analysis/
Regards,
Esther Kamande
Advocate | Policy Analyst
Twitter: @enkamande
Regards,
Esther Kamande
Advocate | Policy Analyst
Twitter: @enkamande
On Sat, Feb 4, 2017 at 7:05 PM, Mose Karanja via kictanet < [email protected]> wrote:
A pattern is very evident since late last year on database breaches for political ends. ------ "It appears that all ID numbers from perceived Jubilee strongholds have been run through the IEBC voters register to find out their registration status. The chiefs have been issued with sheets of papers containing mobile numbers of all residents within their locations and sub locations who are not registered. …
“We got this data from the registrar of persons and the brief to the chiefs was to ascertain whether these people are registered. I don’t see anything wrong with that. We are not coercing anybody to register,” Sosio said. He added: “I don’t know whether the same is taking place in other counties but as you know, homes are run differently and this is how we have chosen to do it in Nyeri.” ------- Read more:
https://www.standardmedia.co.ke/mobile/article/2001228175/re vealed-inside-jubilee-s-vote-machine-to-beat-raila-odinga
--- Moses Karanja www.moseskaranja.com/blog
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/m ailman/options/kictanet/enkamande%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/murigi.muraya%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.