legislation dealing with IT
Introduction: Legislation of ICT
· There are many problems and opportunities presented by the use of ICT. The purpose of legislation is to control and regulate the use of ICT. Different acts result in different benefits to the end user or other people affected by the technology.
· There are a lot of drawbacks of ICT. They are as follows:
1) International fraud.
2) Misuse of personal information.
3) Spam, which is junk mail. These are all illegal offences, but the people who are making a nuisance and money out of this cannot be stopped.
4) Copyright and other intellectual property: The Copyright, Designs and Patents Act 1988 applies to various types of creations, including databases, text, graphics and sounds by an author or an artist.
· Use of computer systems can be intrusive and can lead to the loss of privacy to the individual. Legislation can protect against this intrusion.
· Legislation protects people and ensures that those investing in the technology are not abused by others.
· Examples of legislation in the US are:
- Data Protection Act 1998: The Data Protection Act, made in 1998, now covers certain types of manual records (like health records) as well as electronic records. Basically, the Data Protection Act exists so that the wrong people don't get hold of work of yours that you do not want them to see.
- Computer Misuse Act 1990: The Computer Misuse Act 1990 is there to stop the problem of people hacking into computer systems. In the early days of hacking the problem wasn't taken very seriously; it was seen as people just mucking around, rather than as something which could cause serious loss or problems to companies, organisations and others. With new developments in technology the issue has become more serious, and legislation was introduced to stop these three things
Privacy
The issue of privacy has become one of the hottest topics in information.
The ability to collect information on an individual, combine facts from separate sources, and merge it with other information has resulted in databases of information that were previously impossible to set up.
The aggregation of data from multiple sources permits unethical organizations to build databases of facts with frightening capabilities.
International Laws And Legal Bodies
Recently the Council of Europe drafted the European Council Cyber-Crime Convention, designed to create an international task force to oversee a range of security functions associated with Internet activities, and to standardize technology laws across international borders. It also attempts to improve the effectiveness of international investigations into breaches of technology law.
This convention is well received by advocates of intellectual property rights with its emphasis on copyright infringement prosecution.
· European Council Cyber-Crime Convention:
· Establishes international task force overseeing Internet security functions for standardized international technology laws
· Attempts to improve effectiveness of international investigations into breaches of technology law
· Well received by intellectual property rights advocates due to emphasis on copyright infringement prosecution
· Lacks realistic provisions for enforcement
Digital Millennium Copyright Act (DMCA)
The Digital Millennium Copyright Act (DMCA) is the US version of an international effort to reduce the impact of copyright, trademark, and privacy infringement especially through the removal of technological copyright protection measures.
The European Union also put forward Directive 95/46/EC that increases protection of individuals with regard to the processing of personal data and on the free movement of such data.
The United Kingdom has already implemented a version of this directive called the Database Right.
United Nations Charter
To some degree the United Nations Charter provides provisions for information security during Information Warfare.
Information Warfare (IW) involves the use of information technology to conduct offensive operations as part of an organized and lawful military operation by a sovereign state. IW is a relatively new application of warfare, although the military has been conducting electronic warfare and counter-warfare operations for decades, jamming, intercepting, and spoofing enemy communications.
· Makes provisions, to a degree, for information security during information warfare (IW)
· IW involves use of information technology to conduct organized and lawful military operations
· IW is relatively new type of warfare, although military has been conducting electronic warfare operations for decades
Policy Versus Law
Most organizations develop and formalize a body of expectations that describe acceptable and unacceptable behaviors of the employee within the workplace. This body of expectations is called policy.
Properly executed policies function in an organization like laws, complete with penalties, judicial practices, and sanctions to require compliance.
For a policy to become enforceable, it must be:
· Distributed to all individuals who are expected to comply with it.
· Readily available for employee reference.
· Easily understood, with multi-language translations and translations for visually impaired or literacy-impaired employees.
· Acknowledged by the employee, usually by means of a signed consent form.
Only when all of these conditions are met does the organization have the reasonable expectation that, should an employee violate policy, they may be appropriately penalized without fear of legal retribution.
· Most organizations develop and formalize a body of expectations called policy
· Policies serve as organizational laws
· To be enforceable, policy must be distributed, readily available, easily understood, and acknowledged by employees
Relevant Kenya Laws - General Computer Crime Laws:
In general, ICT use is beneficial; however, as with all technology, computers may be put to the wrong use. In order to safeguard computer users in Kenya, there are different types of legislation covering the many uses or misuses of Information and Communications Technology (ICT).
In 1997, the Government issued the Telecommunications and Postal Sector Policy Guidelines that created an environment for competition in several ICT market segments paving the way for the enactment of the Kenya Communications Act, 1998, thus far the principal legislation governing the ICT industry in Kenya. The new Act repealed the Kenya Posts and Telecommunications Corporation Act and established:
(a) The Communications Commission of Kenya (CCK) as the Telecommunications, Radio Communications and Postal sector regulator;
(b) The National Communications Secretariat to serve as a national policy advisory body;
(c) The Communications Appeals Tribunal;
(d) Telkom Kenya; and
(e) The Postal Corporation of Kenya.
The telecommunications, radio communications and postal services markets, previously characterized by a dominant national operator, were liberalized and several operators were licensed to provide selected services, including mobile telephony, though residual monopoly powers were retained for the national operator.
The Government of Kenya has already put in place policies and incentives for the ICT sector. Institutions have been established to ensure the smooth running and management of the ICT sector, including:
a) The Communications Commission of Kenya (CCK)
b) Communications Appeals Tribunal
c) The National Communication Secretariat
d) The Kenya ICT Board
The Legal Framework
• The Communication (Amendment) Act 2009
The principal object of the Bill is “to streamline and introduce regulatory standards in information technology and broadcasting … by transforming and empowering the Communications Commission of Kenya into a fully-fledged information and communications technology sector regulator”.
• The Kenya Communications Act, 1998
The Bill seeks to address the following policy imperatives:
(a) create regulatory, advisory and dispute resolution bodies to support the implementation of the national information and communications technology policy;
(b) provide a new regulatory framework for broadcasting stations and services;
(c) provide for the licensing of certification service providers and country top-level domain administrators; and
(d) provide for computer-related offences including reprogramming of mobile telephones.
• The National ICT Policy Guidelines, 2006: Policy embracing contemporary principles in ICT.
• The Kenya Information & Communications Technology Board Order.
This piece seeks to highlight some of the key national legislative instruments that touch on ICT and would have an impact on the industry in 2019.
a) Access to Information Act
The Act seeks to create a framework to facilitate access to information held by private bodies and promote routine and systematic information disclosure by both public service and private service.
The Act cements citizens’ right to access information and this may not be limited by what the public entity’s beliefs are as to the person’s reasons for seeking access. Access to information of a public entity or private body shall be provided expeditiously and inexpensively.
The law also highlights inclusivity, access and accessibility, proactive disclosure, the circumstances in which this right may be limited, and the information which may be withheld. The law was passed on 16/8/2016 and received Presidential assent on 31/8/2016.
b) Copyright Amendment Bill
In an attempt to actively protect the rights of copyright owners through law enforcement and to prevent digital content piracy, the Kenya Copyright Board commenced work on amending the Copyright Act to facilitate protection of creative works on digital and online platforms through introducing intermediary liability provisions for ISPs.
The Copyright Amendment Bill is yet to be presented before Parliament for debate but it is expected to be presented early in the year.
c) The Cyber Security and Protection Bill, 2016
The principal object of this bill was to provide increased security in cyberspace and to provide for the prohibition of certain acts in the use of computers. The law seeks to provide for the prohibition, prevention, detection, response, investigation and prosecution of cybercrimes; to establish the national cyber security response unit; and for connected purposes.
The law provides for the creation of the National Computer Incidence Response Team and allows the CS to designate certain systems as critical infrastructure, to assess risk and determine harm from unauthorized access and/or damage to such systems, and to recommend methods of securing systems against institutional cyber threats.
It permits information-sharing agreements between public and private entities to ensure cyber security, protection of life and national security.
It also created offences including unlawful access to a computer system, system interference, unlawful interceptions, interception of electronic messages or money transfers, willful misdirection of electronic messages, forgery, fraud, unauthorized modification of data, cyber terrorism, cyber bullying, child exploitation, wrongful distribution of intimate images and cybersquatting, among others.
This was a Senate Bill proposed by Hon Mutahi Kagwe and has since been withdrawn to allow for further public consultations and collection of views on the law.
d) Computer and Cybercrimes Bill 2016
This and the Cyber Security and Protection Bill, 2016 are closely similar and both deal with computer and cybercrime.
This particular one is before the National Assembly and intends to provide for offences relating to computer systems; to enable timely and effective collection of forensic material for use as evidence, and facilitate international co-operation in dealing with cybercrime matters; and for other connected purposes.
Unlike in the Senate bill, the provisions on international cooperation are very elaborate; they are meant to facilitate the investigation and prosecution of cybercrimes and to facilitate international cooperation in fighting cybercrime, as in the Budapest Cybercrime Convention.
The offences are largely similar to those in the earlier cybercrime bill and are adopted from existing provisions in the Kenya Information and Communications Act, such as unauthorized access, access with intent to commit a further offence, unauthorized interference and interception, use of illegal devices and access codes, unauthorized disclosure of a password or access code, child pornography, computer forgery and computer fraud, cyber stalking and cyber bullying, among others.
Computer and Cyber Act to be implemented: Cabinet Secretary for ICT Joe Mucheru has said the government has focused on four key areas in the Computer misuse and Cyber Act 2018 in a bid to ensure successful implementation. Mr Mucheru said the government is seeking support from development partners to create awareness among citizens about the Act, train investigators on collection of evidence, train prosecutors on what constitutes cybercrime, and create awareness among judicial officers on the Act.
e) Data Protection Bill
The Data Protection Bill has been pending for almost 4 years now. It seeks to provide for the protection of personal information and thereby give effect to the constitutional right of a person not to have information relating to their family or private affairs unnecessarily required or revealed.
It embraces the principles of data protection such as necessity of collecting information, data subjects’ right to access information about them, imposition of duty to ensure information is accurate, updated and complete.
f) The Election Laws (Amendment) Bill, 2015
The Proposed Bill sought to introduce more elaborate provisions on the use of technology for elections and in the democratic process. The Bill intends to provide for registration of voters using biometric identification systems and an integrated electronic electoral system which includes biometric voter registration, biometric voter identification and electronic result transmission system.
Additionally, the proposed law also proposes the opening and availing of the register of voters for verification of biometric data by members of the public through online platforms unlike prior manual means.
The law also seeks to create a technical committee consisting of such members and officers of the Commission and such other relevant agencies, institutions or stakeholders who may be considered necessary to oversee the adoption of technology in the electoral process and implement the use of such technology. The ICT industry has given opinions to the Senate Committee through submission of memoranda.
g) The Films, Stage Plays and Publications Act (Proposed)
It touched on several industries including the creatives’, content development, film production, broadcasting, software (game) development, advertising and the telecommunications industries.
With this we saw an attempt to regulate over-the-top (OTT) services. We witnessed a change of scope in the mandate of the regulatory body, which was extended to mandate the board to regulate the creation, exhibition and distribution of films, to classify broadcast content, online content and outdoor advertisements, and to provide consumer advice to enable adults to make informed viewing choices.
It sought to enforce ISP liability for content exhibited or distributed through their platforms which was not classified, and for works availed by users who were not registered by the board as content creators.
This proposed law was a draft and has neither been published in the Kenya Gazette nor tabled before Parliament for discussion. At the stakeholders' meeting, board CEO Dr. Mutua unequivocally stated that the bill was trashed and that the process of legislative drafting would restart afresh, beginning with the development of an industry policy to act as a guide.
h) The Finance Bill 2016
The Finance Bill sought to amend the law relating to various taxes and duties and for matters incidental thereto.
It introduced the duty to submit third-party returns: a person shall, upon being required to do so by the commissioner, furnish the commissioner with returns showing such information, in such form and manner and within such time as the commissioner may prescribe.
This provision, as it relates to fin-tech firms, could, if misinterpreted, go against the right to privacy and data protection.
It also provides that SACCOs, banks, microfinance institutions and public utility companies ought to mandatorily submit information on clients.
Finally, the law states that there shall be data sharing between cross-border regulators and institutions of their clients.
There is a proviso: that there is a mutual legal framework for the sharing of credit information, and that the credit information is required for the discharge of a lawful duty or the performance of a lawful purpose by the person requesting the information.
The law was passed and received presidential assent on 20/9/2016.
i) The Information Communication Technology Practitioners Bill, 2016
ICT players in Kenya were up in arms over a proposed bill called the Information Communication Technology Practitioners Bill, 2016 through #KilltheICTBill.
The key contentious issue with the bill was the need for all ICT Practitioners to be registered by the Professional Body Institution of ICT Practitioners; and that one of the key requirements for registration was a University Degree from a reputable University. Also, key stakeholders felt that the Bill was not representative of the situation on the ground and would hinder innovation rather than encourage it contrary to the ICT policy and government development agenda.
It provided that the institution would approve courses for purposes of registration of ICT practitioners, administer examinations, plan, arrange, co-ordinate and oversee continuing professional training and development of ICT practitioners.
It made it criminal for a person to practice as an ICT practitioner without complete compliance with statutory requirements and without a valid practice license from the Council. So we didn’t see any bit in the policy on ICT practitioners, what the current problem being solved is, or the philosophical underpinning.
Besides the institute, a council is also proposed to oversee the role of the institute and issue the practicing licenses. The ministry’s press release clarified that the bill was a private member's bill and even noted that the bill was not congruent with the proposed draft policy.
It went through the first reading on 22nd June 2016 and was debated in Parliament on 06 July 2016.
j) Draft National ICT Policy
The Ministry of Information and Communications Technology had been working on the development and drafting of a National ICT policy. As per the policy, the core reason for this action was the rapid change and dynamic nature of technology.
The process of drafting the proposed ICT policy cemented the fact that the ICT sector has embraced multi-stakeholderism and established a collaborative system of co-working.
The policy adequately provided for innovators and content creators, ICT practitioners, local manufacturers, animation and game developers, academic researchers, the business community and telcos, financial technology service providers, persons with disabilities and Kenyans at large.
How you benefit from the List of IT laws
· Know all laws related to IT
· Determine what you must comply with
· Save time by having a list of all IT laws in one place with a summary and links for further reading
Who should ICT Legislations
People who are responsible for IT governance, risk and compliance, including:
· IT Governance officers and specialists – to govern IT
· Compliance officers – to effectively comply with IT laws
· Information (protection) officers – to balance access to information and protection of personal information
· Legal advisors (corporate lawyers or in-house lawyers) – to provide good legal advice on IT issues
· Information Security Officers – to secure IT
· CIOs and IT Managers – to manage IT
· CAEs, auditors and assurance providers (internal and external) – to audit and provide assurance regarding IT
· CROs and Risk Managers – to address IT legal risks
Computer Ethics: by the Computer Ethics Institute
1. Thou shalt not use a computer to harm other people.
2. Thou shalt not interfere with other people's computer work.
3. Thou shalt not snoop around in other people's computer files.
4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false witness.
6. Thou shalt not copy or use proprietary software for which you have not paid.
7. Thou shalt not use other people's computer resources without authorization or proper compensation.
8. Thou shalt not appropriate other people's intellectual output.
9. Thou shalt think about the social consequences of the program you are writing or the system you are designing.
10. Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.