Grace and all

This is a pertinent issue in 2018. First let me address this in the context of Policy and Legislation.

1. In the absence of solid Policy and laws regarding Data Security we are really groping in the dark. I appreciate that there are various initiatives ongoing to remedy this situation. From a personal data security there’s always the issue of who is accessing my data - this needs to be viewed from a personal security angle i.e hackers, unauthorized use of data by corporates, unsolicited communication using data mining tools, government subpoenas etc.

2. From a Corporate perspective the above is relevant but from a body corporate perspective. This becomes more important considering the magnitude of data some corporates hold and the potential liabilities and losses that can arise through data breaches. For example it is alleged that Kenyan banks lost Kshs.30 billion in the last 3 years. 

https://www.standardmedia.co.ke/business/article/2001232241/how-kenyan-banks-lost-sh30-billion-in-two-years-to-tech-savvy-criminals

3. From a government perspective it takes on a National Security perspective. As the proliferation of Cloud Computing becomes standard operating procedure for most organizations governments are starting to ask pertinent questions about control, access to data etc. One critical issue that is now a major block is the one about Data Sovereignty. In a nutshell the issues around Data Sovereignty can be encapsulated in one sentence.

Data sovereignty comes into play when an organisation's data is stored outside of their country and is subject to the laws of the country in which the data resides. The main concern with data sovereignty is maintaining privacy regulations and keeping foreign countries from being able to subpoena data.

Bottom line I’d urge us to expedite the building of both hard (roads, bridges, fiber etc) and soft (enabling policy, laws and regulations etc) infrastructure. Soft Infrastructure is not going in tandem with hard Infrastructure. Data Security is a key component of this. Without this in place we cannot expect Tier 4 Data Centre operators to even think about investing in Kenya.

Ali Hussein

+254 0713 601113 

Twitter: @AliHKassim

Skype: abu-jomo

LinkedIn: http://ke.linkedin.com/in/alihkassim

Blog: www.alyhussein.com

"Discovery consists in seeing what everyone else has seen and thinking what no one else has thought".  ~ Albert Szent-Györgyi

Sent from my iPad

On 11 Jul 2018, at 7:52 AM, Grace Bomu via kictanet <kictanet@lists.kictanet.or.ke> wrote:

Listers,
Thank you to all who contributed to yesterday's topic. The thread is still open for those who may have further thoughts on content regulation.
Welcome to Day 2 of online pre KIGF debates where out topic today is Strengthening Data Security in the Context of Emerging Trends. We shall look at cybersecurity in the context of data.

Barely a few weeks ago, social media was awash with memes of Wazir Boniface Chacha, the young man alleged to have conned MPs after getting access to their phone data. Later when this was used as a justification in debates for the Cybercrime Act, some wondered whether the political process had used the  Chacha saga to justify the quick passage of a law creating offences.

But beyond "small data" in our personal possession, many SMEs , corporations, institutions, societies and other bodies are holding significant amounts of data.
In this community, the wider issue of cyber security has been a recurring theme in KIGF. It is generally agreed that the best approach is a multi-pronged one that includes the law, good practices, effective mitigation and response to incidences at multiple levels, creation of awareness and technical solutions among others. Having gotten a new law in the form of the Cybercrimes Act, are we assured of data security?
Are our existing mechanisms for mitigation and response to incidences adequate for emerging threats?
Do we have positive cases or good practices to imitate?
What challenges that remain and how can we address them?

Welcome to the discussion.

--
Grace Mutung'u
Skype: gracebomu
@Bomu
PGP ID : 0x33A3450F

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40campusciti.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.