THE COMPUTER MISUSE AND CYBERCRIMES ACT
The Computer Misuse and Cybercrimes Act No. 5 of 2018 (the Act) was assented to on 16 May 2018 and commenced on 30 May 2018. The Act aims to protect the confidentiality, integrity and availability of computer systems, programs and data as well as facilitate the prevention, detection, investigation, prosecution and punishment of cybercrimes.
Prior to the commencement of the Act, Bloggers Association of Kenya filed Petition 206 of 2018 at the High Court challenging the constitutionality of twenty-six (26) sections of the Act. Some of the salient provisions that were suspended covered the composition of the National Computer and Cybercrimes Co-ordination Committee and the establishment of certain offences.
The High Court suspended the contested sections on 30 May 2018 and the suspension was lifted on 20 February 2020 when the High Court dismissed the petition.
Subject to any appeal to the Court of Appeal, all the provisions of the Act are in full force and effect. We highlight some of the key provisions of the Act below:
- The Act establishes various offences including unauthorised interference or interception of computer systems programs or data, false publication of data, cyber harassment, cybersquatting, cyber terrorism, identity theft and impersonation, phishing, computer fraud, computer forgery, unauthorised disclosure of passcodes, fraudulent use of electronic data, issuance of false e-instructions among others.
- The Act requires service providers to assist in investigation of offences e.g. by collecting and providing data to the investigation officers.
- The Act prescribes hefty penalties for contravention of its provisions. These include fines, imprisonment, confiscation of assets purchased from proceeds of an offence and compensation.
Pursuant to the commencement of the Act, companies can prevent the commission of the offences established under the Act by formulating and implementing cybersecurity strategies, frameworks, policies and procedures.