Computer Misuse and Cybercrimes Act (the “Act”)
The Act provides for offences relating to computer systems such an unauthorised access or interference, cyber espionage, cyber harassment, cybersquatting, phishing and cyber terrorism; contains provisions to enable timely and effective detection, prohibition, prevention, response, investigation and prosecution of computer and cybercrimes; and facilitate international co-operation in dealing with computer and cybercrime matters.
Kenya Information and Communications Act (the “KICA”)
The KICA was amended in 2019 to provide for the regulation of electronic transactions and cyber-security by requiring the Communications Authority of Kenya (“CA”) to develop a framework for facilitating the investigation and prosecution of cybercrime offences and promote and facilitate the efficient management of critical internet resources.
Kenya Information and Communications (Consumer Protection) Regulations (the “Regulations”)
The Regulations set out the rights and obligations of consumers as well as the safeguards that licensed telecommunication service providers should put in place to protect consumer rights. The Regulations require service providers to take appropriate technical and organizational measures to safeguard the security of its services.
Data Protection Act (the “DPA”)
The DPA imposes obligations on data controllers and data processors to provide security measures and mechanisms to ensure the protection of personal data against unlawful destruction, loss, alteration and transfer.
Guidelines on Cybersecurity for Payment Service Providers (the “Guidelines”)
Due to the increased cyber threats against banks, the Central Bank of Kenya (“CBK”) issued Guidelines to create a safer and more secure cyberspace and establish a coordinated approach to the prevention and combating of cybercrime. The Guidelines set out the minimum standards that Payment Service Providers (“PSPs”) should adopt to develop effective cybersecurity governance and risk management frameworks.