Strengthen cyber laws to safeguard citizens’ data

In a more digitalised world, our personal data has become a valuable asset. Kenyans and people across the globe depend on digital platforms for almost all facets of everyday life, including mobile money transactions, internet banking, social networking, and e-commerce.

However, this digital transformation has significant risks. Cybercrime, identity theft, and data breaches are increasing, jeopardising both individual privacy and national security.

To protect everyone in the digital age, Kenya must urgently strengthen its cyber legislation and ensure its efficient implementation.

Kenya has achieved considerable progress in digital transformation. With about 40 million smartphone users and the majority of government services being available online, digital platforms have revolutionised service delivery.

Mobile money services, including M-Pesa, internet banking, e-commerce, and governmental platforms such as the E-Citizen, have streamlined daily life for millions.

However, this ease entails a vulnerability: extensive quantities of personal data are collected and kept digitally, sometimes without adequate protection. Cybercriminals exploit vulnerabilities in inadequate legal frameworks, attacking both people and organisations.

At present, Kenya has many legislative frameworks pertaining to cybercrime and data protection. The Computer Misuse and Cybercrimes Act (2018) and the Data Protection Act (2019), including the Computer Misuse and Cybercrime (Amendment) Act, 2024, which was recently signed by President William Ruto, provide a legal framework for addressing cybercrime and safeguarding personal data.

The Data Protection Act mandates that organisations manage people’s personal information with due diligence, get permission before data collection, and alert authorities of any breaches.

Although these pieces of legislation represent progress, enforcement continues to be a challenge. Many instances of data abuse and cybercrime remain unreported owing to insufficient knowledge, protracted legal procedures, or inadequate technological capabilities.

A significant issue is the vulnerability of sensitive information maintained by both private and governmental entities. Prominent examples in Kenya and elsewhere have shown that personal data, such as bank records, health information, and identifying details, may be compromised, disclosed, or exploited.

The consequences for people include financial loss, reputational harm, and even physical threat.

Widespread cyber vulnerability may erode confidence in digital services, hinder the adoption of e-governance projects, and weaken Kenya's appeal to investors in the digital economy.

To tackle these challenges, numerous measures are essential. First, Kenya must enhance its cyber legislation to align with advancing technologies.

This includes explicit protocols for data collection, storage, and dissemination, rigorous sanctions for violations, and reporting obligations for entities managing personal information. Legislation must also tackle new dangers, like artificial intelligence-driven cyberattacks, ransomware, and deep-fake fraud.

Secondly, enforcement measures need enhancement. Law enforcement organisations demand specific training and resources to investigate and prosecute cybercrime efficiently.

Collaboration among government entities, the commercial sector, and foreign partners is crucial for monitoring transnational cyber threats. Public organisations should exemplify leadership by implementing robust cybersecurity protocols and aggressively safeguarding people's data.

Third, public awareness initiatives are essential. A significant number of Kenyans lack awareness about the collection, storage, and possible use of personal data. Educational campaigns may enable consumers to make educated choices about online interactions, use robust passwords, evade phishing schemes, and report dubious behaviour.

Ultimately, cultivating a culture of responsibility in both government and industry is essential. Organisations must see data protection as a fundamental obligation, rather than a mere bureaucratic need. Proactive regulatory supervision, periodic audits, and stringent sanctions for non-compliance may bolster this culture.

In conclusion, Kenya is at a pivotal moment in its digital development. The prospects for innovation, financial inclusion, and service provision are substantial.

However, in the absence of robust cyber legislation and efficient enforcement, these prospects are compromised by escalating cyber dangers. Improving legislative frameworks, bolstering enforcement, fostering public awareness, and guaranteeing institutional responsibility are not only regulatory actions but also investments in trust, security, and the future of Kenya’s digital economy.

Safeguarding people's data is essential; it is a moral and economic obligation that necessitates immediate intervention.

Mr Lawrence Kitema is a Communications and Public Relations Strategist