Hello Bomu,

Good conversation!

Here is my starting point- do we care about data security? More-so, do we care that our personal information is treated in a cavalier manner? The Cambridge Analytica exposé touched on Kenya too. Where was our anger? Yes there was some noise on Twitter but no concrete action ensued. It has since become a footnote in parliamentary debates. When the incident with Waziri Chacha happened, the legislators' concern was that someone was sending them unsavoury photos. Never was it discussed as a violation of privacy issue. Unfortunately, it may take a tragic occurrence for us to begin appreciating the value of keeping some information sacred. We need an attitude change. Perhaps we should simulate how the situation in the now famous Twitter thread Mariga mentioned could have ended in a calamitous way. Maybe then we will begin to care. 

On the other hand, data collectors and traders appreciate the worth of data. It is after all, the new oil. Unsuspecting Kenyans have handed over tonnes of information to them. They should assume the position of a trustee and deal with that information diligently. I realise as I type this, that this is wishful thinking. So let me make a policy proposal instead. 

Those of us who can see the risk we are exposed to should actively engage in the policy making process. On Wednesday (18th July 2018) the Senate will hold a public hearing on the Data Protection Bill. We must show up. Before then, let’s read the Bill. Let’s understand the angle taken by legislators, and highlight the gaps. Let’s make sure that the resultant Act is one that focuses more on the person than on the data or its economic benefits. This is how we force the executive and the data gluttons to be responsible with our data. How we will be able to demystify NEMIS and demand that data on children should be deleted once they leave a certain school. 

To answer @Alex, it is there in the Constitution at Article 31- that you have the right not to have information relating to your family or private affairs unnecessarily REQUIRED or REVEALED and the right not to have your privacy infringed. 

Ni hayo tu kwa sasa. 
On 11 Jul 2018, at 12:17, Mariga Wang'ombe via kictanet <kictanet@lists.kictanet.or.ke> wrote:

Here's a short Twitter thread on basic ways that we give away our information

https://twitter.com/alkags/status/1011626368847794177

There are small ways we give away information without even thinking about it e.g when paying via Mpesa at restaurants and they ask to see our confirmation message- the has two problems- one you give away your Mpesa balance but additionally, you give away other Mpesa transactions- the names of people, the numbers and the value of your transactions.

Additionally, when we get into buildings and leave them with our ID cards and then give them details including our phone numbers.

There are endless ways to harvest data from a population that isn't conscious about it





On 11 July 2018 at 09:37, David Indeje via kictanet <kictanet@lists.kictanet.or.ke> wrote:
Listers,

This is an interesting topic now that almost every service we get from the government is being automated to ensure our personal details are captured. 
For instance, our children are being registered in schools digitally,  NTSA, KRA, NHIF/NSSF and so much more.

It is a fact that data sharing is a way of life now. Credit cards, e-commerce, and online banking all rely on personal data being transmitted to companies via technology.
Thus, security must become our way of life too. On the other hand, We can’t rely on orgs, companies, and brands to protect our data in the way that we would.

Therefore, we should: Not give up personal data easily

Ultimately, how policies are crafted, and how much we invest in data security will pay off.  For instance, The enactment of the Access to Information Act ensures that information within Government custody is freely available to the public. This will provide opportunities for openness and transparency thus stifling corruption. The public will have the opportunity to peruse public information and hold government accountable.



Kind Regards,



David Indeje 


 +254 (0) 711 385 945|  +254 (0) 734 024 856      Khusoko

    Skype: david.indeje 



On Wed, 11 Jul 2018 at 08:02, Grace Bomu via kictanet <kictanet@lists.kictanet.or.ke> wrote:
Listers, 
Thank you to all who contributed to yesterday's topic. The thread is still open for those who may have further thoughts on content regulation. 
Welcome to Day 2 of online pre KIGF debates where out topic today is Strengthening Data Security in the Context of Emerging Trends. We shall look at cybersecurity in the context of data. 

Barely a few weeks ago, social media was awash with memes of Wazir Boniface Chacha, the young man alleged to have conned MPs after getting access to their phone data. Later when this was used as a justification in debates for the Cybercrime Act, some wondered whether the political process had used the  Chacha saga to justify the quick passage of a law creating offences. 

But beyond "small data" in our personal possession, many SMEs , corporations, institutions, societies and other bodies are holding significant amounts of data. 
In this community, the wider issue of cyber security has been a recurring theme in KIGF. It is generally agreed that the best approach is a multi-pronged one that includes the law, good practices, effective mitigation and response to incidences at multiple levels, creation of awareness and technical solutions among others. Having gotten a new law in the form of the Cybercrimes Act, are we assured of data security? 
Are our existing mechanisms for mitigation and response to incidences adequate for emerging threats?
Do we have positive cases or good practices to imitate?
What challenges that remain and how can we address them? 

Welcome to the discussion. 

-- 
Grace Mutung'u 
Skype: gracebomu
@Bomu
PGP ID : 0x33A3450F

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/davidindeje%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/marigawangombethoithi%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.




-- 
Kind Regards,

Mariga Wang'ombe wa Thoithi

+254 721 629 658/ +254 731 053 816
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/kaninimutemi%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.