Day 1:Discussion of the Data Protection (Civil Registration) Regulations 2020
Dear Listers . Following the release of the following regulations :- 1) Data Protection (Civil Registration) Regulations 2020 2) Registration of Persons (National Integrated Identity Management Systems (NIIMs), Regulations 2020 Today we shall cover the first on* Data Protection* and we shall discuss the NIIMs regulations tomorrow . The following are a few questions to guide our discussion:- 1) On the definition of Civil Registry a list of public agencies has been given, should these regulations apply to other state agencies which collect personal data for example the National Employment Authority, NSSF, NHIF etc or would these fit under a separate set of regulations? 2) What happens to existing civil registry databases, shall there be a transition for example IPRS, this is missing in the current draft? 3)The regulations make provisions for requests by public entities what about provisions for requests by private entities? 4) Do you feel that adequate provisions have been made for the protection of your data that will be held by civil registries? Kind regards, Rosemary Koech-Kimwatu Advocate Head of Public Policy Oxygene MCL Tel: +254 718 181644
Dear Rosemary, My responses in line On Mon, Feb 24, 2020 at 12:11 PM Rosemary Koech-Kimwatu via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Dear Listers .
Following the release of the following regulations :-
1) Data Protection (Civil Registration) Regulations 2020 2) Registration of Persons (National Integrated Identity Management Systems (NIIMs), Regulations 2020
Today we shall cover the first on* Data Protection* and we shall discuss the NIIMs regulations tomorrow . The following are a few questions to guide our discussion:-
1) On the definition of Civil Registry a list of public agencies has been given, should these regulations apply to other state agencies which collect personal data for example the National Employment Authority, NSSF, NHIF etc or would these fit under a separate set of regulations?
*BO:* Ideally, Line Ministries and Semi Autonomous Government Agencies and Independent Commissions should pick citizen data from a single point to avoid duplication. This data should be covered by the Data Protection Act
2) What happens to existing civil registry databases, shall there be a transition for example IPRS, this is missing in the current draft?
*BO:* I think we need a single data base that contains Citizen Data (those that have ID's) Our ID numbers are our primary key's for that reason any data related to every Kenyan Citizen as identified by the National ID should be covered by the Data Protection Act.
3)The regulations make provisions for requests by public entities what about provisions for requests by private entities?
Provisions for requests by Private entities should also be incorporated. Personally Identifiable Information (PII) is the back bone for any thriving e-commerce economy
4) Do you feel that adequate provisions have been made for the protection of your data that will be held by civil registries?
*BO*: At this point i am looking forwad to the appointment of a Data Protection Commissioner so that we can start testing the act. I will have a better answer after that.
Kind regards,
Rosemary Koech-Kimwatu Advocate Head of Public Policy Oxygene MCL Tel: +254 718 181644
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
Dear Barrack, Thank you for your response. Listers, I have attached herein the regulations for your ease of review. Looking forward to your input. Kind regards, On Mon, Feb 24, 2020 at 1:13 PM Barrack Otieno <otieno.barrack@gmail.com> wrote:
Dear Rosemary,
My responses in line
On Mon, Feb 24, 2020 at 12:11 PM Rosemary Koech-Kimwatu via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Dear Listers .
Following the release of the following regulations :-
1) Data Protection (Civil Registration) Regulations 2020 2) Registration of Persons (National Integrated Identity Management Systems (NIIMs), Regulations 2020
Today we shall cover the first on* Data Protection* and we shall discuss the NIIMs regulations tomorrow . The following are a few questions to guide our discussion:-
1) On the definition of Civil Registry a list of public agencies has been given, should these regulations apply to other state agencies which collect personal data for example the National Employment Authority, NSSF, NHIF etc or would these fit under a separate set of regulations?
*BO:* Ideally, Line Ministries and Semi Autonomous Government Agencies and Independent Commissions should pick citizen data from a single point to avoid duplication. This data should be covered by the Data Protection Act
2) What happens to existing civil registry databases, shall there be a transition for example IPRS, this is missing in the current draft?
*BO:* I think we need a single data base that contains Citizen Data (those that have ID's) Our ID numbers are our primary key's for that reason any data related to every Kenyan Citizen as identified by the National ID should be covered by the Data Protection Act.
3)The regulations make provisions for requests by public entities what about provisions for requests by private entities?
Provisions for requests by Private entities should also be incorporated. Personally Identifiable Information (PII) is the back bone for any thriving e-commerce economy
4) Do you feel that adequate provisions have been made for the protection of your data that will be held by civil registries?
*BO*: At this point i am looking forwad to the appointment of a Data Protection Commissioner so that we can start testing the act. I will have a better answer after that.
Kind regards,
Rosemary Koech-Kimwatu Advocate Head of Public Policy Oxygene MCL Tel: +254 718 181644
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
-- Rosemary Koech-Kimwatu Advocate Legal and Regulatory Specialist- Oxygene MCL Tel: +254 718 181644
participants (2)
-
Barrack Otieno
-
Rosemary Koech-Kimwatu