Comments - International Cooperation; Extradition? Protection (point of "disprotection") of Kenyan nationals? Foreign nationals? - How this is covered. - The Listed New Clause; Proposes Cabinet Secretary responsible for Internal Security develops SOPS. Thus in establishment of National Cybersecurity Council, presumably a very high stakes national agency now that intelligent crime has lifted to the cyber, s/he should sit in, not just their representative. - Suited Domicile; National Cybersecurity Council; The agency is a good recommendation. What are the chances that such an agency would be under MOITC? DG CA to be the Secretary? Feeding Into; Hii ni kama security council. I expect that cybesecurity should be the breakfast for a digital age President and teams. Good practices elsewhere may also enlighten; on its roles, purposes which would help guide on this. - http://www.klrc.go.ke/index.php/constitution-of-kenya/155-chapter-fourteen-n... - Name; Consider National Cybersecurity Advisory Council - which feeds into the national security council. Then under MOITC, DG CA etc. And can have many people with different hats. - National Cybersecurity Council; Inclusion of Devolution Ministry - The existing governance system is through counties - the counties stand as point of vulnerablity and require to be in the light and accountability. - National Cybersecurity Council; It would be hard to escape from Financial Services Representative - this is the greatest area that pinches or is - National Cybersecurity Council; Business Association - these people need to be in the loop - National Cybersecuirty Council; "n" and 'r" - "r" has associations for determination of place to choose from or they use "n"? - When TOR is developed, to include sharing of quarterly national cybersecurity report; a people informed may be better able to enhance their and in turn make us more cyber secure. - <That said on the Council, it appears to be very big - trying to fit in many hats. And yes, Forensics is missing> - Effect of GDPR; Europe's direction, few nation will not be impacted or follow suit - from fines intensity to giving the data power back to the consumers. - Finally; After all the law has said all it may, Mwananchi on being breached should be "compensatable". That said, on the business front, our corporations and we all are in trouble, not because they should be but because the environment might be complacent now. This aspect requires to be a top topical matter on each CEOs crisis boardroom. A good GDPR piece below to close with. Thank you for the guiding summary. Be blessed.Regards/Wangari ============= ‘GDPR is the biggest change in 20 years but no reason to panic’ - Mobile News Online | | | | | | | | | | | ‘GDPR is the biggest change in 20 years but no reason to panic’ - Mobile Ne... By Elliot Mulley-Goodbarne Exploring the fact and fiction behind the upcoming General Data Protection Regulation Data. The industry buzzwor... | | | | Exploring the fact and fiction behind the upcoming General Data Protection Regulation"Data. The industry buzzword. From surfing the internet on your phone to the bank details on your computer, the term seems to traverse every conversation in relation to technology.It’s a word you’re likely to read, hear and probably say a lot more over the next 12 months as the General Data Protection Regulation (GDPR) from the European Union comes into force on May 25. Businesses across Europe will need to take a stricter view to protecting the information they hold.The primary purpose of the regulation is to strengthen and unify data protection for all European Union citizens, giving them back control of personal data.As well as data protection, the impending regulations also give the subject of that information the power to see the details a company holds and the right to be forgotten when that information is no longer necessary.With an update in rules there is a change in the financial implications of breaking them, which will grow from £500,000 to €20 m (£17.6 m) or four per cent of annual global turnover, whichever is greater.""Increased Control One of the larger points for GDPR is the increased control that will be given to the subject of the information that businesses hold.As part of the new regulations, companies are required to be more transparent with customers as to what data it holds on a person, with that person also being afforded the right to be forgotten and the right to portability; in short, subjects will be able to find out what data a business has, and have it erased if the information is not needed.However, placing control of data in the hands of the consumer also has the potential to drain company resources as millions of customers will soon have the right to have a request answered within a month.Research from Exonar also pointed out that more than 9.5 million mobile subscribers in the UK will be making subject access requests (SAR) to their network provider once GDPR goes live in four months’ time.""Thinking TwiceAccording to Seward, the onus on compliance and to protect data has always been on the possesser of the information, however, the changes that will come into affect from GDPR will make companies think twice about their security policies.“This is placing more and more emphasis on the possessors as more and more data is captured around customers.“Things like credit card details, address details, credit files or transactional details is all data that needs to be kept secure.Parker said: “We are all familiar with these pre-populated tick boxes people use when they are doing online shopping which means you get hit with a lot of marketing as a consequence.“Those days are categorically over, individuals will now have to explicitly give consent for people to use personal information.”Evans also stressed the importance of knowing what information companies can hold and added that some may be caught out by the new regulations.She said: “Companies need to understand the information that you’ve got and what the risk is in holding it, making sure that, where they are holding personal information, they have the legal right to do so.“There are some big headlines that come under GDPR. I think most organisations are addressing them well but obviously it is worth thinking about.”Along with the change in how businesses can gather consent, any consent previously given may also need to be sought again if it was not given in a way that will comply with the impending regulations.""OpportunityBut all is not lost with this new regulation. Seward says there is evidence that GDPR has opened a huge opportunity for businesses to capitalise on non-compliance. He added: “GDPR compliance definitely has been a pull for the past two years.“People have been saying that this is coming and you need to be compliant or you need to put in place the necessary steps to protect your data and I think it’s probably now that people are waking up and realising that in May they will need to do something about this.“You’ll probably find that bigger organisations such as banks and financial services have been doing this for a long time. Small businesses probably haven’t thought about this but it is something that they need to switch on to and look at.”..."--- Pray God Bless. 2013Wangari circa - "Being of the Light, We are Restored Through Faith in Mind, Body and Spirit; We Manifest The Kingdom of God on Earth". On Friday, 9 February 2018, 11:56, Julius Njiraini via kictanet <kictanet@lists.kictanet.or.ke> wrote: Dear Victor allow me to comment on the above subject, i would wish to observe the following amendment - On national cyber security, we add - Representative of organization dealing with private digital forensics investigation services.These will helps in linking with other forensics categories in case of multiple evidence identification links. - Representative of organization dealing with accounting profession. These will helps in digital records accounting investigation as technical financial audit. 2. on functions of cyber crime, i propose we add to develop,register and regulate cyber crime professionals On Wed, Feb 7, 2018 at 10:38 PM, Victor Kapiyo via kictanet <kictanet@lists.kictanet.or.ke> wrote: Dear Listers, As GG has mentioned, kindly find attached the consolidated points on the bill. Kindly review and make additional suggestions on the proposals. Looking forward to your feedback. Good day. On 8 Feb 2018 09:06, "Grace Githaiga via kictanet" <kictanet@lists.kictanet.or.ke > wrote: Good morning Listers. As you are aware, bunge's Departmental Committee on Communications, Information and Innovations has called for comments on the Computer and Cybercrimes bill 2017. The comments have to be submitted by Tuesday, February 13, 2018. KICTANet's working group on cybersecurity has been working on this proposed bill and already identified some areas considered needing attention. And due to time constraint, Victor Kapiyo will share it shortly. The idea is to improve the submission to include aspects of CIRTs for counties and any additional changes that may have resulted since the bill was released. Victor, over to you on how we proceed. Best regards Githaiga, Grace Co-Convenor Kenya ICT Action Network (KICTANet) Twitter:@ggithaiga Tel: 254722701495 Skype: gracegithaiga Alternate email: ggithaiga@hotmail.com Linkedin: https://www.linkedin.com/in/gr acegithaiga www.kictanet.or.ke "Change only happens when ordinary people get involved, get engaged and come together to demand it. I am asking you to believe. Not in my ability to bring about change – but in yours"---Barrack Obama. ______________________________ _________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/m ailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTA Net/ Unsubscribe or change your options at https://lists.kictanet.or.ke/m ailman/options/kictanet/vkapiy o%40gmail.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. ______________________________ _________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/ mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/ KICTANet/ Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/ njiraini2001%40gmail.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/wangarikabiru%40yahoo.... The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.