[kictanet] Kenya’s data protection bill ready for adoption

S.M. Muraya murigi.muraya at gmail.com
Sun May 11 07:57:37 EAT 2014


An example of what sound policy causes....

http://blogs.office.com/2014/04/18/office-365-operated-by-21vianet-becomes-generally-available-in-china/


Regards

Murigi / Stanley Muraya

*"Better a patient person than a warrior, one with self-control than one
who takes a city." Prov 16:32*


On Sat, May 10, 2014 at 5:27 PM, Ephraim Percy Kenyanito via kictanet <
kictanet at lists.kictanet.or.ke> wrote:

> Hi Muraya,
>
> Sorry for late reply.
>
> I have had little access to networks since morning due to travels.
>
> I had seen the Bill earlier but am not sure if it's the same version as the
> final one. I will go through this final draft on the CIC website and send
> you my 2 cents.
>
> Otherwise we can go through it and see how we interpret it as Michael has
> shared.
>
> Thanks again Michael for the link.
>
> Michael, my only plus to this is that at least it's great that info
> collected has to be used only for the purpose collected and it prevents
> situations such as political parties from registering people using MPESA/
> YU Cash/ Airtel Money agents transaction registers.
>
> Hope to hear more discussions around this Bill.
>
> My 2 cents,
> Ephraim Percy Kenyanito (Mobile)
>
> *Kenya Data Protection Bill, 2013*
>
> A highlight of key provisions by Michael Murungi
>
> Full text of the draft bill available from: The Commission for the
> Implementation of the Constitution <http://www.cickenya.org/index.php/legislation/bill-tracker>
>
> *Sponsor:* ICT Cabinet Secretary
>
> *Status:* At the Attorney General's office, awaiting publication and
> debate in the National Assembly
>
>
> *Objectives:*
>
>    - to give effect to Article 31(c) of the Constitution - the right of a
>      person not to have “information relating to their family or private
>      affairs unnecessarily required or revealed”
>    - to give effect to Article 31(d) of the Constitution - the right “not
>      to have the privacy of their communications infringed”
>    - to regulate the collection, retrieval, processing, storage, use and
>      disclosure of personal data
>
>
> *Definition of personal data* - section 2 pg 5
>
> Quite broad, and includes:
>
>    - information on race, gender, sex, pregnancy, marital status,
>      nationality, ethnicity, colour, age, health, disability, religion,
>      belief, culture, language, birth, education, criminal or employment
>      history, financial transactions, any identifying number or symbol
>      linked to the person, fingerprints, blood type, contact details
>      including telephone number
>    - a person’s private communications
>    - a person’s private views or opinions about another person
>    - information given in relation to a grant, award or prize to be made to
>      a person
>
>
> *Principles of data protection* - that will guide the application of the
> Act - section 4, pg 6
>
>    - necessity of collecting information
>    - collection not to violate privacy
>    - informed consent of the data subject
>    - disclosure of purpose of collection of info - if the purpose changes,
>      inform the data subject
>    - no unwarranted retention of information (info not to be kept for
>      longer than necessary after its purpose has been achieved)
>    - distribution of info to be consistent with purpose of collection
>    - duty to ensure the info is accurate, updated and complete
>    - duty to take measures to safeguard data from loss, damage, destruction
>      and unauthorised access
>    - data subjects have right to access the info and to demand correction
>
>
> *Person collecting personal data must ensure that the data subject is
> aware of the following:* (section 7)
>
>    - that the info is being collected
>    - the purpose for collecting
>    - name and addresses of the collector, the custodian and any other
>      agency that will receive the info
>    - the intended recipients of the info
>    - any law under which the info is collected (and whether it is mandatory)
>    - consequences of not providing the info fully or partly
>    - the right to access and correct the info
>
> ** For those who have already collected personal data through a
> procedure that meets these criteria, no need to go over the procedure again
> - section 7(4)
>
> ** If it is not practicable to comply with the above before collecting the
> info, then compliance can be reasonably soon after collecting the info -
> section 7(3)(a)
>
>
> *Exceptions to the procedure above, where:* (section 9)
>
>    - the info is publicly available
>    - the collection of the info is required by law
>    - the collection of the data from a 3rd party is authorised by the
>      subject
>    - the interests of the data subject are not prejudiced
>    - the purpose for which the info is collected necessitates
>      non-compliance with this procedure
>    - compliance is not reasonably practicable
>    - the info was not to be used to identify the data subject, including
>      for statistical and research purposes
>    - the collection of the information is necessitated by:
>       - need to avoid a threat to law and order by a public entity,
>         including criminal investigation, prosecution and punishment
>       - enforcing a financial penalty imposed by law
>       - protection of public revenue and property
>       - filing court proceedings
>       - exemptions provided in the law on access to information
>
>
> *Availing information in good faith* - section 27
>
>    - where an agency ‘avails personal data in good faith’, no court
>      proceedings may be brought against it for any consequences of availing
>      the data
>
>
> *Right of access to data* - section 13
>
>    - Where an agency keeps personal data or where a person believes that an
>      agency is keeping his personal data in a readily retrievable form
>       - the person shall have access to the data
>       - the agency shall have a procedure for receiving, acting upon and
>         responding to inquiries by the data subject about the nature of the
>         information and requests to correct false or misleading data.
>
>
> *Commercial use of data* - section 17
>
>    - Personal data not to be used commercially except if it is authorised
>      by law or the consent of the data subject has been obtained.
>
>
> *Issuing unique identifier* - section 18
>
>    - An agency that assigns ‘unique identifiers’ to people to take all
>      reasonable steps to establish persons assigned
>
>
> *Punishment for interfering with personal data* - section 19
>
>    - It’s an offence to ‘interfere’ with personal data or to ‘infringe’ on
>      a person’s right to privacy. Offence punishable by a fine of up to
>      Kshs. 500,000 (USD 5,800) or 2 years jail or both
>
>
> *Oversight, enforcement and complaints procedure* - sections 20-23
>
>    - To be the responsibility of the Commission on Administrative Justice
>      (established under the *Commission on Administrative Justice Act, 2011*
>      <http://www.kenyalaw.org:8181/exist/kenyalex/actview.xql?actid=CAP.%20102A>)
>    - The functions and powers of the commission
>       - receive and investigate complaints/violations of the Act
>       - provide a dispute resolution mechanism
>       - ensure that public entities have adequate safeguards for data
>         protection
>       - where there is a violation:
>          - make an order stopping further acts of violation
>          - order a remedying action by the perpetrator of the violation
>          - make an order for such remedy/relief as it considers appropriate
>          - where there is financial loss, benefit loss or humiliation, loss
>            of dignity and injury, it may advise the complainant to seek
>            damages in court against the respondent.
>    - The ICT Cabinet Secretary has power to make regulations under the Act
>
>
>
>
> Kindest regards,
> Michael M. Murungi
>
>
>
> On 10 May 2014 13:27, Michael Murungi <michaelmurungi at gmail.com> wrote:
>
>> Ephraim
>> You can download and review the Access to Info and Data Protection Bills
>> on this link <http://www.cickenya.org/index.php/legislation/bill-tracker> -
>> please let us know what you find. Will also try and do a summary and share
>>
>> Kindest regards,
>> Michael M. Murungi
>>
>>
>>
>> On 10 May 2014 00:39, Ephraim Percy Kenyanito via kictanet <
>> kictanet at lists.kictanet.or.ke> wrote:
>>
>>> Interesting read especially with the ongoing ideas on fresh registration
>>> people:
>>>
>>>
>>> http://www.itwebafrica.com/ict-and-governance/256-kenya/232836-kenyas-data-protection-bill-ready-for-adoption
>>>
>>> Best Regards,
>>>
>>> *Ephraim Percy Kenyanito*
>>>
>>> _______________________________________________
>>> kictanet mailing list
>>> kictanet at lists.kictanet.or.ke
>>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>
>>> Unsubscribe or change your options at
>>> https://lists.kictanet.or.ke/mailman/options/kictanet/michaelmurungi%40gmail.com
>>>
>>>
>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>>> for people and institutions interested and involved in ICT policy and
>>> regulation. The network aims to act as a catalyst for reform in the ICT
>>> sector in support of the national aim of ICT enabled growth and development.
>>>
>>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>>> online that you follow in real life: respect people's times and bandwidth,
>>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>>> not spam, do not market your wares or qualifications.
>>>
>>
>>