The Cyber Security and Data Protection Bill was gazetted last week and now proceeds to Parliament for debate and possible amendment before being passed into law.
The Bill seeks to set out the framework in the storage, processing and transmission of data. Special attention is placed on hammering those who access or store child pornography and on those who threaten or humiliate others, as well as those who use technology to incite others to acts of violence.
Many of the detailed practices and codes of conduct will be set by the Postal and Telecommunications Regulatory Authority of Zimbabwe (Potraz), which will become the central agency to set and enforce specific standards by establishing a cyber security centre and being the data protection authority.
The authority and its centre will be the principal advisors to the Government on issues of data collection, storage, processing, security and transmission.
New criminal offences over misuse of data or information technology, such as inciting violence, threatening harm, publishing sexual details of friends and family, and a raft of similar undesirable activity will be established through amendments and additions to the Criminal Code. The Bill seeks to consolidate cyber-related offences and provide for data protection with due regard to the Declaration of Rights under the Constitution and the public and national interest.
The core clauses start with the concept that all data can only be stored with the consent of the person involved, or their legal guardian if that person is under 18. But a large number of exceptions are listed where for reasons of national interest, such as security, public health and the like, permission is not required. But even in these cases, the data has to be secured, often the person whose data is stored has the right to know this, and other safeguards can be put in place.
A raft of duties is placed on what are called data controllers, those who manage the storage of data. Among these is a ban on transmission of data to other countries unless they have similar safeguards in place.
This requirement, which is becoming common around the world, is one of the reasons why Zimbabwe now needs to spell out its own safeguards so it can continue to be in the global ICT loop. The Bill will create a technology driven business environment and encourage technological development and the lawful use of technology if enacted into law.
New criminal activity to be added to the Criminal Code, the statutory codification of Zimbabwe's criminal law, include criminalising those "who unlawfully by means of a computer or information system makes available, transmits, broadcasts or distributes a data message to any person, group of persons or to the public with intend to incite such persons to commit acts of violence against any person or persons or to cause damage to any property."
The transmission of data messages intentionally by means of a computer or information system to another person threatening harm to the person or the person's family or friends or damage will also attract a fine not exceeding level 10 or to a jail term of up to five years.