[kictanet] Kenya IGF Online Discussions Day 2: Strengthening Data Security in the Context of Emerging Trends

Wed Jul 11 13:21:14 EAT 2018

Thank you for contributions so far and apologies that I could not come in
earlier, I had shortage of the other data :)
It seems that, like with many other aspects of our society, there are those
who are far ahead in appreciating the role of data in present and future
economies and therefore, they are collecting as much as possible even where
the purposes are not immediately clear. A good example is government
systems as pointed out by Indeje and private systems as shown on Mariga's
Twitter thread example.

On the other hand, there are those who have little or no knowledge of the
implications of data processing. And so as pointed out by Ali and William,
data processing activities can be couched in political narratives and tied
to national security without proper safeguards for the security of the
data.
To add on to Gideon's points, why should we have data security in the first
place? Is it primarily to protect the data economy or should we also have
conversations about how data is changing our personhood and to what extent
we need to center data protection frameworks around the person?

Being that we are a nascent data economy, are there good practices that we
have already seen and should encourage? For example, after banks have
suffered data attacks,have they developed better data security standards?
(this is clickbait for Barrack who is more knowledgeable on standards)

@ Mariga, by the way, through the Private Security Regulation Act, private
security providers are expected to protect data they collect and only use
it for limited purposes of identification (section 48), collection of MPesa
data is also regulated under the communications act, just like health info
is also regulated. So how come there are still glaring data security
problems even with regulation? What could be done better?

As we answer these questions, let us also attempt to give proposals that
could be incorporated in upcoming frameworks like data protection bills
that are being prepared/debated in Parliament. One specific issues that we
could talk about is how to get redress for data security issues like
unlawful processing of data, protection from automated decisions and
breaches to data. Should these be dealt with under criminal law,
administrative fines (an authority fining the party on the wrong) or civil
court (where those whose data has been breached sue)?

2018-07-11 12:46 GMT+03:00 william mathenge via kictanet <
kictanet at lists.kictanet.or.ke>:

> Hi listers,
>
> Amazing insights being shared so far and one can only be grateful.
> Are our existing mechanisms for mitigation and response to incidences
> adequate for emerging threats?
> At the moment the mechanisms cannot be stated to be adequate, if anything,
> we are vulnerable more than ever without the proverbial 'Data Protection
> Legislation' to profiling and all other forms of proliferation of personal
> data. The extent of this proliferation cannot be understated as was seen in
> the link below.
> http://kenyalaw.org/caselaw/cases/view/151117/
> The Computer Misuse and CyberCrimes Bill is majorly unconstitutional and
> the Political agenda in enacting it was quite distinct.
>
> Do we have positive cases or good practices to imitate?
> Since we cannot rely on the Soft Infrastructure that has been cited, data
> minimalism is an effective initiative we can undertake as a means of
> individual security measures. Kind of taking the law into your own hands
> only now you'd be taking your data into your own hands.
> Data minimalism is however moot without sufficient sensitization from the
> earliest age possible on the need to limit the amount of personal data
> divulged online.
> So to achieve adequate data security in the existing cyberspace, outreach
> and sensitization programmes on the need for data minimalism would best fit
> tackling the challenges to personal data security.
>
> What challenges that remain and how can we address them?
> Again sensitization on Privacy and what Data one provides while scrolling,
> liking, commenting and generally using social media platforms would go a
> long way. The implications of filling online forms and/or linking third
> party users to online accounts that store our personal data are vast and
> unprecedented in a negative way. Access to the internet grows faster and
> deeper by the day and little or no consumer education is provided on the
> dynamics of accessing it such as Data.
> We can do better, ought to do better to ensure we thrive in a data driven
> economy.
>
> Kind Regards,
> William (LL.B)
>
>
> On Wed, Jul 11, 2018 at 8:00 AM Grace Bomu via kictanet <
> kictanet at lists.kictanet.or.ke> wrote:
>
>> Listers,
>> Thank you to all who contributed to yesterday's topic. The thread is
>> still open for those who may have further thoughts on content regulation.
>> Welcome to Day 2 of online pre KIGF debates where out topic today is Strengthening
>> Data Security in the Context of Emerging Trends. We shall look at
>> cybersecurity in the context of data.
>>
>> Barely a few weeks ago, social media was awash with memes of Wazir
>> Boniface Chacha, the young man alleged to have conned MPs after getting
>> access to their phone data. Later when this was used as a justification in
>> debates for the Cybercrime Act, some wondered whether the political process
>> had used the  Chacha saga to justify the quick passage of a law creating
>> offences.
>>
>> But beyond "small data" in our personal possession, many SMEs ,
>> corporations, institutions, societies and other bodies are holding
>> significant amounts of data.
>> In this community, the wider issue of cyber security has been a recurring
>> theme in KIGF. It is generally agreed that the best approach is a
>> multi-pronged one that includes the law, good practices, effective
>> mitigation and response to incidences at multiple levels, creation of
>> awareness and technical solutions among others. Having gotten a new law in
>> the form of the Cybercrimes Act, are we assured of data security?
>> Are our existing mechanisms for mitigation and response to incidences
>> adequate for emerging threats?
>> Do we have positive cases or good practices to imitate?
>> What challenges that remain and how can we address them?
>>
>> Welcome to the discussion.
>>
>> --
>> Grace Mutung'u
>> Skype: gracebomu
>> @Bomu
>> PGP ID : 0x33A3450F
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: https://www.facebook.com/KICTANet/
>> Domain Registration sponsored by www.eacdirectory.co.ke
>>
>> Unsubscribe or change your options at https://lists.kictanet.or.ke/
>> mailman/options/kictanet/willbill.mathenge%40gmail.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
> Domain Registration sponsored by www.eacdirectory.co.ke
>
> Unsubscribe or change your options at https://lists.kictanet.or.ke/
> mailman/options/kictanet/nmutungu%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
>

-- 
Grace Mutung'u
Skype: gracebomu
@Bomu
PGP ID : 0x33A3450F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20180711/7e1055c9/attachment.htm>