According to PwC’s 21st Century CEO Survey 2018, 45% of CEOs in the Africa region cited cyber threats as an area of concern to their organisations’ growth prospects. It is against this backdrop and the wider conversation on Cybersecurity and Data Protection in the Africa Union that Kenya recently enacted the Computer Misuse and Cybercrimes Act, 2018 which came into force on 30th May 2018.
This creates offences relating to the misuse of computer systems and cybercrimes. The offences range from unauthorised interference with a computer system, unauthorised interception of data transmission to the knowing publication of false information calculated to cause panic, chaos or which is likely to discredit the reputation of a person.
It also introduces a raft of provisions to enable the timely and effective detection, prohibition, prevention, response and investigation of cyberthreats. The Act also incorporates a number of provisions to enhance international co-operation in dealing with those threats.
While the constitutionality of various offences under the Act is the subject of much media coverage and a Constitutional Petition, the obligations placed on the owners and operators of systems designated as critical infrastructure or national critical information infrastructure is also noteworthy. Those whose systems, networks, assets are deemed essential to the health, safety, security and the economic well-being of the country will in time need to ensure they are familiar and compliant with the Act.
At this time however, the fate of 26 provisions of the Act hang in the balance after the High Court granted a temporary conservatory order on 29th May 2018, halting the coming into force of a number of provisions of the Act. It remains to be seen whether these provisions will ultimately be declared unconstitutional.
Be that as it may, the Act which has long been in deliberation marks a significant step in providing a legal basis to counter real cyber security concerns in a world where valuable data and information is increasingly available and exposed to a diversity of threats.
Please contact Mark Odaga, email: Odaga.firstname.lastname@example.org for further information.