e-records symposium, phakalane developing cyber ... in botswana - keetshabe.pdf · 1 e-records...
TRANSCRIPT
1
e-RECORDS SYMPOSIUM, PHAKALANE
DEVELOPING CYBER LEGISLATION IN BOTSWANA - UPDATE
Presented by:
Adv. Abraham M Keetshabe
General Counsel
Office of the President
29 July 2015
2
AGENDA
1. Maitlamo (National ICT) Policy of 2007
2. Maitlamo Policy on Legislative Infrastructure
3. e-Legislation Priorities
4. Electronic Communications and Transactions - Act No. 14 of 2014
5. Electronic Records (Evidence) Act – Act No. 13 of 2014
6. Personal Data Protection
7. Data Regulatory Authority
8. Cybercrime and Computer Related Crimes Act
9. Conclusion
3
Maitlamo, Botswana’s National Information and Communications
Policy was approved by the National Assembly in August 2007.
Policy provides Botswana with a clear and compelling roadmap that will
drive social, economic, cultural and political transformation in the years
ahead through the effective use of ICT.
Policy complements and builds upon Vision 2016 and provides many of
the key strategies essential for achieving Botswana’s national
development targets.
Policy provides that national connectivity will help draw communities
closer together and facilitate economic growth and development in all
regions of the country. Batswana will have access to information that
will assist them in their everyday lives.
Maitlamo (National ICT) Policy of 2007
4
On-line information on employment, community development,
healthcare, education and government services all feature prominently in
the Policy’s recommendations. Increased levels of e-commerce will
enable local companies to compete in the global marketplace, and the
development of a vibrant and entrepreneurial ICT sector will create
further employment, greater economic diversification and boost investor
confidence.
ICTs:
Offer opportunities for accelerated development, creation of
wealth and economic diversification;
Reduce duplicated effort;
Facilitate rapid transformation;
Promote efficiency and effectiveness in achieving intended
outcomes.
National ICT Policy - Continued
National ICT Policy Development
The development of the National ICT Policy of Botswana actively involved a
wide range of participants from the public and private sectors, as well as the
civil society. A National Steering Committee and seven Taskforces,
comprising experts from around the country, were established to assist with
this important effort. The Taskforces examined effective application of ICT in
the following areas:
• Community Access and Development
• Government
• Learning
• Health
• Economic Development and Growth of the ICT Sector
• Infrastructure and Security
• Legislation and Policy. 5
Maitlamo Pillars
6 ICTs
in
Ho
me
s a
nd
Co
mm
un
itie
s
Lea
rnin
g &
HR
De
ve
lop
me
nt
e-G
ove
rnm
en
t
e-H
ea
lth
Tec
hn
ica
l In
fra
stru
ctu
re
Leg
isla
tive
In
fra
stru
ctu
re
National Connectivity
ICT
Dri
ve
n E
co
no
mic
De
ve
lop
me
nt
7
Paragraph 6.8.5 of the Maitlamo Policy provides that:
“Specific initiatives for the Connectivity Laws and Policies Programme include:
Media neutral legislation to deal with electronic documents (e-Commerce
legislation);
Amendments to specific legislation, including the Criminal Procedure and
Evidence Act, the Authentication of Documents Act, and the Foreign Documents
Evidence Act;
Development of policy and possibly legislation dealing with electronic
signatures; and
Development of policy and possibly a combination of legislation and industry
codes of conduct to deal with the protection of personal privacy, particularly in
the context of cross-border data flow, health care and financial services and
transactions.”
The Botswana Government e-Legislation programme gives meaning to this
Policy.
Maitlamo on Legislative Infrastructure
8
Development of legal & regulatory
framework is at embryonic stage, work
having started in earnest in the year 2010.
Development of Legislative Framework
Up until as recently as April 2014, no legislative framework to facilitate and
enable the provision of e-services existed in Botswana.
Laws tended to prohibit, rather than promote the use of ICT to provide services.
For example, the legislation did not provide for recognition of electronic
signatures, authenticity of electronic documents and admissibility of electronic
evidence, to name a few.
These legal challenges are being addressed through the development of simple,
consistent and technology-neutral legislation which recognizes all ICT processes
and transactions - including recognition of electronic signatures as a valid
authentication method for electronic transactions and give confidence to
consumers, the business community and Government agencies participating in
electronic transactions.
9
10
PHASE I
Data Protection – new legislation required – drafting ongoing
Electronic Commerce - new legislation required - done
Electronic signatures - new legislation required – done
These 2 combined = Electronic Communications &
Transactions Act No. 14 of 2014
Cybercrime and Computer Related Crimes Act – review
existing Act - ongoing
Electronic Evidence Bill – review existing Bill – done
e-Legislation Priorities
Electronic Commerce & Electronic Signatures
Development of legislative framework to introduce, recognise, define
and provide for legal recognition of electronic signatures in Botswana;
To reverse the current legal position and prohibit discrimination against
electronic signatures;
Specifically to establish that as long as an electronic signature meets a
set of specific requirements, it is equally valid and carries the same
weight as a handwritten signature and cannot be denied legal effect
just because it was created electronically;
That electronic signatures meet all existing requirements for
handwritten signatures and a reliable electronic signature should satisfy
any law that requires a signature for a document subject to reasonable
exceptions; that there should be rules to prove the reliability of an
electronic signature.
11
Electronic Communications and Transactions Act, No.
14 of 2014 - Synopsis
The Act facilitates the use of electronic means of communication so as to
enable:
Legal recognition and validity of electronic commercial transactions
conducted internally and externally,
Recognition, promotion and implementation of information
technologies which facilitate electronic commerce,
Electronic transactions to be recognised in the same manner as paper
based transactions,
The promotion of a legal framework to support electronic commercial
practices, including the formation and conclusion of legal contracts through
electronic means;
The promotion and adoption of information technologies in relation to
electronic transactions;
12
Gives electronic signatures the legal equivalence to the handwritten signature;
Promotes a technology-neutral legal framework for the creation of e-signatures;
Gives legal recognition to certificates created or issued locally or externally;
Provides functional equivalence of electronic information to written
information such that certain legal requirements for information retention,
presentation of information or information admissible as evidence is recognised
regardless of form; and
Promotes uniformity of legislation and supports commercial practices with legal
coverage.
Consumer is deemed to be a weaker party and ought to be more protected.
13
Electronic Records (Evidence) Act No. 13 of 2014
Both the Criminal Procedure and Evidence Act and the Evidence in Civil Proceedings
Act provide for the admissibility of documentary evidence, but only in general terms
with no specific provision for the admissibility of records produced by an electronic
records system.
Therefore, hitherto, it has not been possible to tender evidence contained in electronic
records. This legislation seeks to address this shortcoming by –
making it possible for records produced by an electronic records system, in the Act
referred to as “electronic records” to be tendered in evidence in legal proceedings; and
altering the ordinary rules of law relating to authentication and best evidence in
admissibility of electronic records
This legislation permits admission of any evidence generated and stored in electronic
form and courts of law will now be able to admit such records when tendered as part of
evidence.
Courts will also be able to accept affidavits and all other documents signed
electronically. In other words “best evidence rule” will now apply to electronic
records (section 7 of the Act).
14
Role of BOCRA
Section 6 of the Act provides that BOCRA shall be “the certifying authority” – it
plays a leading role in settling matters of integrity of the “electronic records
system”.
BOCRA has therefore been singled out as the authority responsible for
overseeing and approving the process of generating electronic records. BOCRA
certifies and confirms the authenticity, and hence the admissibility as evidence of
proof of the originality of the contents of an electronic record.
Again, the emphasis here is on the process that is used to generate an electronic
record. Authenticity here is associated not with the document in issue but rather
with the method , system or process that was used to generate the document.
In order to conclude and give legitimacy to this process, the Minister is required
to promulgate regulations. The purpose of the regulations is to operationalise the
Act. They provide the necessary guidance in certifying the integrity of an
electronic records system . Drafting of the Regulations is ongoing.
15
Role of Records Manager
A Records Manager is responsible for:
developing, monitoring and reviewing the organisation's records management
policy, programme, procedures, standards and guidelines;
dissemination of information in relation to these;
the design and implementation of records systems
the management of active, semi-active and non-current records, in consultation
with the National Archives.
The new legislation does not in any way alter or affect these functions.
Any electronic records management system should place security of records at
the top of the agenda.
16
Personal Data Protection The Government of Botswana recognises that the introduction of electronic
commerce and e-services will bring about increased opportunities for the abuse of
personal data. For this reason, the drafting of the Data Protection Act has been
identified as a priority.
A draft of the Bill has been completed and consultations are ongoing.
Examples of "personal data" are: address, national identity card, credit card number,
bank statements, criminal record, etc.
Main purpose of data protection legislation is to ensure that personal data is not
processed without the knowledge and, except in certain cases, the consent of the data
subject;
To ensure that personal data which is processed is accurate, and to enforce a set of
standards for the processing of such information.
This legislation sets out principles of good information handling so as to guarantee
the protection of personal information. It protects the individual’s right to privacy
with respect to the processing of data and ensures that personal data is only processed
in accordance with set requirements.
17
Principles of Personal Data Protection
The Bill covers the well known principles of personal data protection:
Personal data is processed fairly and lawfully;
Always processed in accordance with good practice;
Only collected for specific, explicitly stated and legitimate purpose;
Not processed for any purpose which is incompatible with that for which the information was
originally collected;
Personal data that is processed is adequate and relevant in relation to the purposes of
processing;
Personal data that is processed is correct, and if necessary, up to date;
All reasonable measures are taken to complete, correct, block or erase data to the extent that
such data is incomplete or incorrect, having regard to the purposes for which they are
processed;
Data Collectors such as educational institutions, employers and banks are obliged to inform
individuals of the reasons for collecting information about them; that individuals are assured
that the data collected will not be used for any purpose other than that which has been specified
by the data collector; that explicit consent from individuals is necessary in order to process
sensitive personal data ( data that reveals race, ethnic origin, political opinion, religious or
philosophical beliefs, health, sex life); 18
Data Regulatory Authority
The Office of Commissioner of Data Protection be established and
amongst others, the Commissioner be responsible for supervising
implementation and enforcement of the Data Protection Act, with
particular emphasis on ensuring that the individual’s right to
privacy is protected and upheld and that processing is done in such
a way that data is secure as well as to guard against unauthorised
access, alteration, disclosure, destruction of personal data and that
it is processed in a manner consistent with the law.
Further, the law seeks to establish a Tribunal whose primary
function is to hear appeals from any person aggrieved by a
decision of the Commissioner of Data Protection.
19
Cyber Crime
20
Cybercrime and Computer Related Crimes Act came into force
on 28/12/2007. Cyber crime by its nature knows of no
boundaries and may collapse the economy of any country.
The Act deals with crime perpetrated through computer systems
Covers unauthorised access to a computer or computer system,
unauthorised interference with data, accessing computer system
with intent to commit an offence, and generally deals with cyber
fraud.
The Act has been identified for review as a priority under phase
I of the e-legislation programme of the Government of
Botswana .
Conclusion
Progress in the development of a legislative framework has
been slow but there are noticeable achievements.
Efforts to enact the relevant legislation have gained
momentum and will continue.
The completion of phase I of the Government e-legislation
programme should pave way to the commencement of the
second phase of the programme, which includes review of key
financial legislation mainly to facilitate electronic commerce;
and the enactment of freedom of information legislation.
21