Understanding the Cyber Security and Data Protection Bill

What is the purpose of the new Bill?

According to the Bill’s memorandum, the purpose of this Bill is “to consolidate cyber related offences and provide for data protection with due regard to the Declaration of Rights under the Constitution and the public and national interest, to establish a Cyber Security Centre and a Data Protection Authority, to provide for their functions, provide for investigation and collection of evidence of cyber crime and unauthorised data collection and breaches, and to provide for admissibility of electronic evidence for such offences. It will create a technology driven business environment and encourage technological development and the lawful use of technology.”

Does the Bill matter?

Yes. Every time you use an electronic device to communicate, search for information or make a transaction, it leaves a digital footprint which creates data that can be stored, collected and potentially used by others. The Bill is supposed to align Cybersecurity and Data Protection laws with Zimbabwe’s Constitution and ‘consolidate cyber related offences’. Every person living in Zimbabwe will be affected by this legislation.

The internet holds information about you which includes your contact details, your behaviours (including things like interest preferences as well as location information on where you go and how frequently), your medical records, financial records and so on. Who you talk to and what you say to those people is also part of this data bank. All of this data needs to be protected from damage, attack and unauthorised access. Some of your data is not considered sensitive and will be automatically processed and used for statistical analysis (e.g. how much time you spend online). Other data is considered sensitive (e.g. personal details and financial information) which should never be shared without your express consent.

The Bill is important as it creates new regulatory bodies: the Data Protection Authority and Cyber Security Centre. It also sets out the guidelines for data processing by a data controller, regulates protection of data subjects and sets out acts that constitute offences.

Source: Kubatana

Download full document here (91KB PDF)