<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Listers,</p>
<p>Could it be that the administrative overhead & the associated
penalties depended on the amount of people's personal data you
hold ?</p>
<p>I.e. if you hold less than 10000 people's data you might be a
"small data processor", if you hold between 10000 and 100000
peoples data you would be medium and above you would be a large
processor... And the requirements would be scaled accordingly.</p>
<p>..</p>
<p>Mike<br>
</p>
<br>
<div class="moz-cite-prefix">On 08/28/2018 01:02 PM, Grace Bomu via
kictanet wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAMwG4px+L=VVcz-y_PKKz-fiW32WHQgzv+uZRJ3JYHSGgqc=ZQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<div dir="ltr">
<div class="gmail_default"
style="font-family:verdana,sans-serif">Thank you for your
contributions so far. <br>
</div>
<div class="gmail_default"
style="font-family:verdana,sans-serif">@Hannington, thank you
for bringing in the issue of proportionality of remedies.
While at the moment our economy is much smaller, don't you
think we shall keep growing? Also, how can we cure the fact
that there is a mix of both very small and very big players in
our scene?<br>
</div>
<div class="gmail_default"
style="font-family:verdana,sans-serif">@Mercy and Jefferson,
your comments on pro-rating penalties are noted.<br>
I would love to get your comments on remedies for the data
subjects. How can the law provide some justice for victims of
breaches? <br>
<br>
<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">Il giorno mar 28 ago 2018 alle ore 12:13
Hannington Oduor via kictanet <<a
href="mailto:kictanet@lists.kictanet.or.ke"
moz-do-not-send="true">kictanet@lists.kictanet.or.ke</a>>
ha scritto:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">The GDPR model may not fit well in our context,
reason, the economy factored in that model are much bigger
hence <span
style="font-family:verdana,sans-serif;font-size:12.8px">remedies </span> to
the victim/ injured would be likewise, a copy paste here
would create a scenario where the injury is epic but
inversely propositional to the punishment. </div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Tue, Aug 28, 2018 at 9:36 AM Grace Bomu
via kictanet <<a
href="mailto:kictanet@lists.kictanet.or.ke"
target="_blank" moz-do-not-send="true">kictanet@lists.kictanet.or.ke</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div class="gmail_default"
style="font-family:verdana,sans-serif">Offences are
public in nature and their prosecution and sentencing
is carried out through the criminal justice system.
Remedies on the other hand may be considered from a
civil lens and examples include damages, restitution,
coercive (injunctions) and declaratory remedies. They
are personal and their aim is to give justice to the
injured person. A trend with newer laws is the
provision of both offences and remedies. In the
copyright law for example, in addition to criminal
offences, one can recover profits from pirated
material. <br>
Back to our bill, the following offences are created:
<br clear="all">
</div>
<div style="font-family:verdana,sans-serif"
class="gmail_default"> <span></span>
<table width="100%" cellspacing="0" cellpadding="4">
<colgroup><col width="127*"> <col width="129*"> </colgroup><tbody>
<tr valign="top">
<td style="border-color:rgb(0,0,0) currentcolor
rgb(0,0,0) rgb(0,0,0);border-style:solid none
solid solid;border-width:1px medium 1px
1px;padding:0.04in 0in 0.04in 0.04in"
width="50%">
<p style="margin-bottom:0in;line-height:115%"><b>Offence
</b> </p>
</td>
<td style="border:1px solid
rgb(0,0,0);padding:0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%"><b>Penalty
</b> </p>
</td>
</tr>
<tr valign="top">
<td style="border-color:currentcolor
currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none none solid
solid;border-width:medium medium 1px
1px;padding:0in 0in 0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">Knowingly
supplying false information to the data
commissioner during registration as a data
controller or processor ( clause 15 (3))</p>
</td>
<td style="border-color:currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none solid
solid;border-width:medium 1px 1px;padding:0in
0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">General
penalty under clause 59: </p>
<p style="margin-bottom:0in;line-height:115%">5
million shillings fine or 5 years
imprisonment or both</p>
<p style="margin-bottom:0in;line-height:115%">plus
</p>
<p style="margin-bottom:0in;line-height:115%">possible
forfeiture of equipment and prohibition
order </p>
</td>
</tr>
<tr valign="top">
<td style="border-color:currentcolor
currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none none solid
solid;border-width:medium medium 1px
1px;padding:0in 0in 0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">Data
controller or processor failing to notify
the data commissioner about a change in
particulars (clause 16 (7))</p>
</td>
<td style="border-color:currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none solid
solid;border-width:medium 1px 1px;padding:0in
0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">General
penalty </p>
</td>
</tr>
<tr valign="top">
<td style="border-color:currentcolor
currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none none solid
solid;border-width:medium medium 1px
1px;padding:0in 0in 0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">unlawful
processing of personal data (clause 27) </p>
</td>
<td style="border-color:currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none solid
solid;border-width:medium 1px 1px;padding:0in
0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">5
million shillings fine or 5 years
imprisonment </p>
</td>
</tr>
<tr valign="top">
<td style="border-color:currentcolor
currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none none solid
solid;border-width:medium medium 1px
1px;padding:0in 0in 0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">Unlawful
processing of sensitive personal data (part
v) </p>
</td>
<td style="border-color:currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none solid
solid;border-width:medium 1px 1px;padding:0in
0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">5
million shillings fine or 5 years
imprisonment </p>
</td>
</tr>
<tr valign="top">
<td style="border-color:currentcolor
currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none none solid
solid;border-width:medium medium 1px
1px;padding:0in 0in 0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">Refusing
to comply with a notice from the data
commissioner or knowingly furnishing the
commissioner with false information during
investigations (clause 52(3))</p>
</td>
<td style="border-color:currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none solid
solid;border-width:medium 1px 1px;padding:0in
0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">General
penalty </p>
</td>
</tr>
<tr valign="top">
<td style="border-color:currentcolor
currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none none solid
solid;border-width:medium medium 1px
1px;padding:0in 0in 0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">Disclosure
of personal data by controller against
specified purpose (clause 58 (1))</p>
</td>
<td style="border-color:currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none solid
solid;border-width:medium 1px 1px;padding:0in
0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">General
penalty </p>
</td>
</tr>
<tr valign="top">
<td style="border-color:currentcolor
currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none none solid
solid;border-width:medium medium 1px
1px;padding:0in 0in 0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">Disclosure
of personal data by processor without
authority of controller (clause 58 (2))</p>
</td>
<td style="border-color:currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none solid
solid;border-width:medium 1px 1px;padding:0in
0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">General
penalty </p>
</td>
</tr>
<tr valign="top">
<td style="border-color:currentcolor
currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none none solid
solid;border-width:medium medium 1px
1px;padding:0in 0in 0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">Obtaining
personal data without prior authority of
controller or processor (clause 58 (3)(a))</p>
</td>
<td style="border-color:currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none solid
solid;border-width:medium 1px 1px;padding:0in
0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">General
penalty </p>
</td>
</tr>
<tr valign="top">
<td style="border-color:currentcolor
currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none none solid
solid;border-width:medium medium 1px
1px;padding:0in 0in 0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">Disclosure
to a third party (clause 58 (3) (b))</p>
</td>
<td style="border-color:currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none solid
solid;border-width:medium 1px 1px;padding:0in
0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">General
penalty</p>
</td>
</tr>
<tr valign="top">
<td style="border-color:currentcolor
currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none none solid
solid;border-width:medium medium 1px
1px;padding:0in 0in 0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">Offer
(advertisement) to sell personal data
obtained through unlawful disclosure
((clause 58 (4))</p>
</td>
<td style="border-color:currentcolor rgb(0,0,0)
rgb(0,0,0);border-style:none solid
solid;border-width:medium 1px 1px;padding:0in
0.04in 0.04in" width="50%">
<p style="margin-bottom:0in;line-height:115%">General
penalty</p>
</td>
</tr>
</tbody>
</table>
<br>
</div>
<div style="font-family:verdana,sans-serif"
class="gmail_default">The bill has taken the criminal
law track and has not provided remedies targeting
persons injured by contravention of the bill. It does
however create a complaints mechanism where the public
can lodge complaints with the data commissioner. The
powers of the commissioner in addressing such
complaints are limited to issuing notices.(and we
shall be discussing more about the office powers of
the data commissioner in due course)<br>
<br>
</div>
<div style="font-family:verdana,sans-serif"
class="gmail_default">Our discussion today is on the
question of choosing the offences route as opposed or
in addition to the civil route. What are our thoughts
on this? Should we have borrowed the pro-rated model
of the GDPR where controllers/processors are charged
administrative fines according to their revenue? <br>
</div>
<div style="font-family:verdana,sans-serif"
class="gmail_default">And when we come to offences,
are they adequate? Should the magnitude of the offence
be measured against the size of the data processor or
are all sins equal despite might of the transgressor?<br>
<br>
</div>
<div style="font-family:verdana,sans-serif"
class="gmail_default">Listers, please share your views
on these issues. As usual, we welcome identification
of good and problematic clauses. Welcome to the
discussion. <br>
</div>
<br>
-- <br>
<div dir="ltr"
class="m_5111340709609490910m_-6494123561120388673gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>Grace Mutung'u <br>
Skype: gracebomu<br>
@Bomu<br>
<span style="font-size:12.8px">PGP ID
: 0x33A3450F</span><br>
</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
_______________________________________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke"
target="_blank" moz-do-not-send="true">kictanet@lists.kictanet.or.ke</a><br>
<a
href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br>
Twitter: <a href="http://twitter.com/kictanet"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://twitter.com/kictanet</a><br>
Facebook: <a href="https://www.facebook.com/KICTANet/"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://www.facebook.com/KICTANet/</a><br>
Domain Registration sponsored by <a
href="http://www.eacdirectory.co.ke" rel="noreferrer"
target="_blank" moz-do-not-send="true">www.eacdirectory.co.ke</a><br>
<br>
Unsubscribe or change your options at <a
href="https://lists.kictanet.or.ke/mailman/options/kictanet/hanningtondr%40gmail.com"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.kictanet.or.ke/mailman/options/kictanet/hanningtondr%40gmail.com</a><br>
<br>
The Kenya ICT Action Network (KICTANet) is a
multi-stakeholder platform for people and institutions
interested and involved in ICT policy and regulation. The
network aims to act as a catalyst for reform in the ICT
sector in support of the national aim of ICT enabled
growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of
acceptable behaviors online that you follow in real life:
respect people's times and bandwidth, share knowledge,
don't flame or abuse or personalize, respect privacy, do
not spam, do not market your wares or qualifications.<br>
</blockquote>
</div>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr" class="m_5111340709609490910gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr"><span style="color:rgb(111,168,220)"><br>
<i><b>Computer and Cellular Forensic Investigator<br>
Cyber Crime Unit <br>
CID HQ Nairobi <br>
0720-727003<br>
<u>ENCASE II C.H.F.I</u></b></i></span><br>
</div>
</div>
_______________________________________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank"
moz-do-not-send="true">kictanet@lists.kictanet.or.ke</a><br>
<a
href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br>
Twitter: <a href="http://twitter.com/kictanet"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://twitter.com/kictanet</a><br>
Facebook: <a href="https://www.facebook.com/KICTANet/"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://www.facebook.com/KICTANet/</a><br>
Domain Registration sponsored by <a
href="http://www.eacdirectory.co.ke" rel="noreferrer"
target="_blank" moz-do-not-send="true">www.eacdirectory.co.ke</a><br>
<br>
Unsubscribe or change your options at <a
href="https://lists.kictanet.or.ke/mailman/options/kictanet/nmutungu%40gmail.com"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.kictanet.or.ke/mailman/options/kictanet/nmutungu%40gmail.com</a><br>
<br>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
platform for people and institutions interested and involved
in ICT policy and regulation. The network aims to act as a
catalyst for reform in the ICT sector in support of the
national aim of ICT enabled growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of acceptable
behaviors online that you follow in real life: respect
people's times and bandwidth, share knowledge, don't flame or
abuse or personalize, respect privacy, do not spam, do not
market your wares or qualifications.<br>
</blockquote>
</div>
<br clear="all">
<br>
-- <br>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>Grace Mutung'u <br>
Skype: gracebomu<br>
@Bomu<br>
<span style="font-size:12.8px">PGP ID : 0x33A3450F</span><br>
</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
kictanet mailing list
<a class="moz-txt-link-abbreviated" href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a>
<a class="moz-txt-link-freetext" href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a>
Twitter: <a class="moz-txt-link-freetext" href="http://twitter.com/kictanet">http://twitter.com/kictanet</a>
Facebook: <a class="moz-txt-link-freetext" href="https://www.facebook.com/KICTANet/">https://www.facebook.com/KICTANet/</a>
Domain Registration sponsored by <a class="moz-txt-link-abbreviated" href="http://www.eacdirectory.co.ke">www.eacdirectory.co.ke</a>
Unsubscribe or change your options at <a class="moz-txt-link-freetext" href="https://lists.kictanet.or.ke/mailman/options/kictanet/michael%40pluspeople.dk">https://lists.kictanet.or.ke/mailman/options/kictanet/michael%40pluspeople.dk</a>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
</pre>
</blockquote>
<br>
</body>
</html>