Legal and regulatory framework for e-Government services in Kenya IBM CSC Team Kenya 2 Subteam Chui
Agenda
Project Overview and Approach
Current state of Kenya e-Government
Recommendations
Global best practices and Key Principles in e-Government legal frameworks
Sample legislation that highlights critical e-Government elements
Implementation action plan
Q&A
Source: IBM Institute for Business Value, The State of Smarter Government, 2010
Kenya Tomorrow
Kenya Today
WHAT
HOW
WHEN
The e-Government Development Index is the UN's ranking system, from 0 to 1, used to indicate the level of maturity of e-government services. The above 4 countries are well represented in our team composition.
Source: United Nations eGovernment Survey 2010
Focus Areas
Based on our analysis, we have identified 6 major areas you need to focus on
Standard Keys
Definition of, access to and penalties for illegal access to private versus public data
Standard identification, permission and enforcement of protected data, and guaranteed citizen access to data
Universal primary keys to uniquely identify people, companies, assets, etc. across all government data holdings
Centralized, exhaustive systems for people, companies, assets, etc. available for universal reference and cross-cutting analytics
Require systems to refer to and coordinate with National Data Warehouses when they exist
Shifting from data ownership to data stewardship, facilitating re-use of public sector information
Visits
1. Ministry of Immigration and Registration of Persons
2. Department of Immigration, Passport Registration Office, Nyayo House, Nairobi
3. National Registration Bureau, Makadara Station, Nairobi
4. Civil Registration Department, Sheria House, Nairobi
5. Civil Registration Department, Nyeri District
Meetings
1. Stakeholders Workshop on e-Government Strategic Plan, Kenya Institute of Education, 9th March 2011
Because of these time-consuming, redundant and manual processes, the need for a solid legal framework for e-Government is even more urgent
Civil Registration Department, Sheria House: Birth Certificate application process
Conclusions
Lack of keys will inhibit interoperability without entity disambiguation exercises
No consistent shared keys exist across systems
IPRS represents best current NDW
Lack of universal and real-time coordination with other repositories leaves room for fraud and manipulation
Finding correct information is time-consuming
Ministries operate inefficiently with duplicate information collected, often with the same purpose
Ownership is asserted in such a way that it inhibits collaboration and information sharing
Time-consuming efforts to identify structures around data governance
Unclear categories yield coarse-grained data controls which can allow illegal access to the data
Unenforced penalties increase the risk of illegal access
Differing or absent standards for securing public data risks compromised security at all times
Security violations go undiscovered
Public Ownership of Public Data
Definition of, access to and penalties for illegal access to private versus public data
Security of public data
No definition, distinction or classification of PII, Sensitive data, Public data
Identified violations are handled in an ad hoc fashion, with varying penalties
No uniform mechanism or auditing in Kenya to protect public data
Existing legislation KCA 2009 83U and 83V, not observed by agencies
Mandate compatibility
All existing systems are required to be interoperable with data standards within a designated timeframe
All newly procured systems are required to comply with data standards
In UK, the e-GIF set the standard for many other countries as adoption is mandatory for all public information systems
In US, the Director of the Office of Management and Budget is empowered to enforce standards for all government systems
In EU, Interoperability Solutions for European Public Administrations (ISA) created the European Interoperability Framework (EIF) to unify multiple governments and is maintained by an identified committee from many member countries
Sample Legislation
Authority to develop open data standards is delegated to a central authority
The data standards themselves are drawn up by a qualified committee and passed as regulations
Separately, the enforcement of those standards is a legal responsibility of a named party
SOUTH KOREA Act on Promotion of Information and Communication Network Utilization and Information Protection
Article 12 Construction of a System for the Joint Utilization of Information (1) The Government may advance the interoperability, standardization, and joint utilization of information and communications networks to efficiently utilize the information and communications networks. (3) Presidential Decree shall stipulate requisite matters regarding promotion and support
Article 13 Projects for Promoting Utilization of Information and Communications Networks (1) Under conditions stipulated by Presidential Decree, the Minister of Information and Communication may create and enact projects designed to facilitate the efficient use and distribution of technologies, equipment, and applied services in order to facilitate information use in the public and private sectors, culture, and society as a whole, and end the information gap.
Empowers the government authority to craft an interoperability framework or fund a body to do so
Allows the government authority to promulgate regulations requiring the adoption of the interoperability framework
Encourages the government to condition financial support based on the adoption of the interoperability framework
Justifies all of these activities as necessary to close the information gap
In BE, citizens can refuse requests for data details already held in authentic source systems such as the National Register (for individuals), the Crossroads Bank for Enterprise
In DK, the Det Centrale Personregister has been the central source for citizen data since 1968
Sample Legislation
Authority to consolidate identity data is assigned to a central authority
The regulation defines the data sources which are compelled to participate by force of law
Minimum standards are set as to the security, availability, access methods and confidentiality of the centralized data
Requires the acceptance of records in the central data repository in lieu of photocopied documents
UNITED KINGDOM Data Protection Act 1998
52A Data-sharing code (1) The Commissioner must prepare a code of practice which contains (a) practical guidance in relation to the sharing of personal data in accordance with the requirements of this Act, and (b) such other guidance as the Commissioner considers appropriate to promote good practice in the sharing of personal data. (2) For this purpose good practice means such practice in the sharing of personal data as appears to the Commissioner to be desirable having regard to the interests of data subjects and others, and includes (but is not limited to) compliance with the requirements of this Act.
The Data Protection Act is largely concerned with the limitation of the government's ability to store, access or share citizens' personal data
Within the act, exceptions regarding data sharing in the citizens' interest are made
A designated body is given the authority to create data sharing codes (regulations) which must be submitted for approval up to Parliament
Once these regulations are in place, agencies are compelled to share their data accordingly
In KR, e-Government Law No. 10303, Chapter 4 details the sharing of administrative information. Article 36 governs the administration, efficient management and use of information.
Sample Legislation
Article 36 (Administration of the efficient management and use of information) A minister or principal of any ministries should provide administrative information which the ministry collect and retain inside to other ministry who require that information. If they can receive and access trusted data from any other ministry, they should not collect duplicated data independently. A minister or principal of any ministries which collect and retain administrative information can permit to share the information between other ministries and any banks which have a permission of bank business according to Act on Bank, private corporate organizations or agencies which are granted by Presidential Dec Policies. The Minister of the Ministry of Public Administration and Security should develop the list of administrative information which is held by any ministry by investigation and distribute it across government ministries and investigate requirement for new administrative information.
Article 37 (sharing of administrative information centers) For the sake of effective sharing of administrative information, The Minister of the Ministry of Public Administration and Security can deploy administrative information center as a center of information sharing across ministries as a subsidiary of his ministry and promote to utilize the center from each ministry in accordance with Presidential Dec Policies
All government agencies must vet their information needs against existing government holdings before they can collect or retain information
Information cannot be collected independently if it exists accessibly in any other agency.
A role for a central decision making body must be designated to promote sharing strategy, enforcing policies through approval and budgets and resolving conflicts
Data is available to the widest range of users for the widest range of purposes
Data should be usable for purposes it was not originally captured for
Involve citizens to make sense of data
Encourage transparency, participation and collaboration
Make exposed data the default and protected data the exception
By default, data captured by government bodies should be made available to the public
Release key datasets (data.go.ke?)
Only sensitive or private data should be protected
In US, Open Government Directive
In UK, interactive portal where citizens are asked to come up with innovative ideas and mobile applications for how they could use public data
In UK, Transparency Board to make transparency a core part of all government business
In KR, Act mandates that information held and managed by public institutions shall be disclosed
Sample Legislation
Requests from executive departments and agencies to take steps toward the goal of creating a more open government
Provides clear actions and deadlines for implementation
Key principles are transparency, participation and collaboration
SOUTH KOREA Information Disclosure Act for Public Agencies
Every people holds the right to request information disclosure. (...) Public institutions shall create an information management system by which information can be properly kept and speedily searched, open an office and secure staff in charge of information disclosure and work to build an information disclosure system, etc. by making full use of the information and communications network. (...)
Secures the people's participation in state affairs and the transparency of the operation of state affairs
Prescribes necessary matters concerning the people's claims for the disclosure of information and the obligations of public institutions to disclose their information in their possession
Prescribes that public institutions shall make and keep a list of information that they hold and manage in a manner that the people can readily understand such list of information
Focus Area 5 - Definition of, access to and penalties for illegal access to private versus public data
Categorize data appropriately to maximize proper protection and access
In US, FEA DRM (Data Reference Model) categorizes government information at a detailed level, with privacy designation.
In UK, e-GIF (e-Government Interoperability Framework) sets out the government's technical policies and standard data categories.
In FI, Personal Data Act, chapter 38, section 9
In KR, Act on the Protection of Personal Information Chapter 5
Sample Legislation
Focus Area 5 - Definition of, access to and penalties for illegal access to private versus public data
FINLAND Personal Data Act
Section 26 - Right of Access (1) Regardless of secrecy provisions, everyone shall have the right of access, after having supplied sufficient search criteria, to the data on him/her in a personal data file, or to a notice that the file contains no such data. The controller shall at the same time provide the data subject with information of the regular sources of data in the file, on the uses for the data in the file and the regular destinations of disclosed data.
Authority to determine appropriate access (e.g. national security, statistical) should be declared in Act
Individuals should be guaranteed access to data about them
CANADA, Privacy Act -- Access to Personal Information
Right of access 12. (1) Subject to this Act, every individual who is a Canadian citizen or a permanent resident within the meaning of subsection 2(1) of the Immigration and Refugee Protection Act has a right to and shall, on request, be given access to (a) any personal information about the individual contained in a personal information bank; and (b) any other personal information about the individual under the control of a government institution with respect to which the individual is able to provide sufficiently specific information on the location of the information as to render it reasonably retrievable by the government institution.
Individuals should be guaranteed access to data about them
SOUTH KOREA, Act on the Protection of Personal Information Chapter 5
Article 23 (Penal Provisions) (1) Any person who changes or alters private information for the purpose of disrupting the operations of private information management of a public institution shall be punished by imprisonment for not more than ten years. (2) Any person who illegally leaks or issues private information without consent and for the purpose of use by others, violating what has been set forth in Article 11, shall be punished by imprisonment for not more than three years or a fine not exceeding ten million won.
Penalties for illegal access for personal information should be specified
In UK, the Data Protection Act is used to ensure that personal data is accessible to those whom it concerns, and provides redress to individuals if there are inaccuracies
In US, FISMA (Federal Information Security Management Act) establishes security guidelines that federal agencies must adhere to. Agencies are graded on results from FISMA compliance auditing
Sample Legislation
Authority to perform independent evaluation of security program and practices
Evaluation to be performed by an independent external auditor
The controller and the processor of personal data to ensure satisfactory data security measures are being followed
Controller and processor to document and share data system and security measures.
Documentation to be made accessible to the Data Inspectorate and the Privacy Appeals Board.
2. New types of information collected about people (location and personal preference)
- Collection of information of an individual
- GBP: No person may collect, use, or provide the location information of a person or mobile object without the consent of the person or the owner of the object (KR act on the protection, use, etc. of location information)
- Exceptions when info is to be used for emergency rescue/relief purposes
- GBP: A subject of personal location information may withdraw his/her consent for part of the scope of the collection of personal location information and the terms and conditions, when he/she has given consent under above point
3. Structure that allows applications of authorization or verification down to mobile devices for conducting any business
- Processes to identify identity for individual authorization from mobile devices
- Step-by-step procedure in place to conduct transactions securely using these mobile devices
- Mobile e-Signature to satisfy legal requirements as a handwritten signature.
- GBP: Directive 1999/93/EC of EU establishes legal framework for e-Signature and certification services. The main provision of the Directive states that an advanced electronic signature based on a qualified certificate satisfies the same legal requirements as a handwritten signature. It is also admissible as evidence in legal proceedings.
Sections 7(1)(a-b) guarantee personal access to personal data
Section 9 requires that data be up-to-date, complete and accurate
Section 22 protects against agency liability for data disclosed in good faith
Elements of the Draft Data Protection Act pose serious concerns to e-Government adoption efforts
Sections 3(1)(a)(ii)(b) require all personal data be collected from individuals
May prevent lookup from existing data stores
Section 11 prevents data collected for one purpose being used for another
May prevent creation of National Data Warehouses
Legislation
Regulation
Put in place immediately More easily discarded
Regulation
Obtain the mandate
1. Amend current authorities in the Kenya Communications Act to point to DeG
2. Include DeG's authorities in new legislation
Define & Designate
3. Include core data entity types, standard keys and categories in new legislation
4. Per data entity type, define the fields, format and sensitivity level
5. Designate systems to serve as central repositories for each data asset
Single source
6. Make inventory of data and systems across ministries
7. Pilot data centralization efforts for a selected region and selected function
Data availability
8. Include data stewardship and open government directives in new legislation
9. Create a pilot website where selected key public data sets are published
Partnerships
10. Allow by law for private organisations to participate in providing government services
Establish IPRS as the central NDW
Move Adoptions & Marriages registry
Digitize information
Establish a CoE for data stewardship
Establish ACP for different data categories
Define cross-cutting penalties
Establish security guidelines
Collect data into central repositories with synchronization or update policies
Establish electronic verification methods that link into the NDW
Establish an independent party with authority to apply and enforce the defined penalties
Establish security solutions
Establish a risk management program
Establish training procedures on security practices
eGovernment should create the obligation for government departments to be under one umbrella
Most fraud is because other arms of government cannot check. Everything is a manual process.
This is the fifth day in a row that I am here waiting in the queue. Every day costs me 300 Ksh for transport. I have no more money for food.
Developing an enabling legal and regulatory framework for e-Government services in Kenya
APPENDIX SLIDES
Part of IBM's Corporate Social Responsibility Program
Employee leadership development program
Launched July, 2008
Global IBM initiative designed to provide government, small business, educational institutions, and nonprofit organizations in growth markets with pro bono consulting work to help improve local conditions and foster job creation
+1000 IBM employees deployed from 50 countries on 100 teams to 18 countries since inception
Russia Romania Turkey Morocco Egypt Nigeria Ghana Kenya Tanzania Brazil S. Africa Sri Lanka India Philippines Vietnam Indonesia China
Malaysia
Enhance
(Service / System / Legislation)
Need eGovernment to step up and define the standards
It should be possible to look at data for other purposes than for what it was
Better ways to identify persons
Less Forms, Less Acts
Less late registrations for birth
IPRS should contain all information and should be better accessible
More computers for the registration officers
Data should be marketable and should be used to benefit each other, but in a directed manner
Current State
Conclusions
Current Authority
Authority for National Data Warehouses exists under KCA, but does not assign the authority to the eGovernment Directorate
Potential Shared Keys
National ID is commonly used across many systems, but is limited to registered Kenyan citizens over 18 years of age
Integrated Population Registration Services (IPRS) Integrated Personal Number (PIN) universal for all registered Kenyans and registered foreigners, but largely unknown outside of IPRS
Draft key standard for land provided by Ministry of Lands adheres to international GIS standards
Lack of keys will inhibit interoperability without resource-intensive entity disambiguation exercises
No consistent shared keys exist across systems
Candidate keys are flawed either because they are not universal, not known or are still in progress
Current State
Conclusions
Greater authority than currently under KCA will be required to either assemble or compel participation in a National Data Warehouse (NDW)
Current Authority
Citizen Registry
IPRS represents best current NDW
IPRS needs to collect from and share with all relevant entities to be a true NDW
Methods of exchange must be broadened
Corporate Registry
Corporate registry may be an ideal NDW candidate
Lack of universal and real-time coordination with other repositories leaves room for fraud and manipulation
Current State
Conclusions
Finding correct information is time-consuming
Ministries operate inefficiently with duplicate information collected, often with the same purpose
Resources are invested in multiple projects to build same information repository
To prevent ministries from initiating redundant stores, legal enforcement is required
Information cannot be searched exhaustively or verified definitively due to dispersion and paper format
Lots of information unused because awaiting digitization
Less opportunity to leverage core information across ministry
Dependencies to individual officers rather than a defined process
Seamless process, digitized information
Current lack of digitized information
Requests for information between ministries are manual, often on paper
Procurements for new systems are de-centralized, not under common control
Information searching processes are manual and ad hoc to the individual doing the searching
Current State
Conclusions
Ownership is asserted in such a way that it inhibits collaboration and information sharing
Time-consuming efforts to identify structures around data governance
Facilitating re-use of public sector information
Who captures the data keeps the data
The public has no transparency about where what data is stored or how to access it
Data is not being re-used in an optimal way. Its utility is not maximized.
Current State
Focus Area 5 - Definition of, access to and penalties for illegal access to private versus public data
Findings
Definition of private, public data (boundary)
No definition, distinction or classification of PII (Personally identifying information, e.g. National ID, name, birth date), Sensitive data (e.g. medical history), Public data (e.g. aggregate statistical data)
In electronic systems, access controls are role-based by user, but manual systems have only physical access controls
Lack of consistent business conduct guidelines
Access education is only given at hire
Lack of any defined protocol for citizen access to personal data
Penalties for illegal access to data
Existing relevant legislation, such as KCA 2009 83U and 83V, is not widely observed by agencies
Identified violations are handled in an ad hoc fashion, with varying penalties
Conclusions
Unclear categories yield coarse-grained data controls which can allow illegal access to the data
Increased difficulty and inconsistent standards when applying legal policy for different classification levels of data
Departments are reluctant to share data without legal protection for third party misuse of data
Special provisions should be made for cases affecting national security
Citizens unaware of rights to access their own data, and have no process by which to exercise those rights
Unenforced penalties increase the risk of illegal access
Poor application makes corruption in parallel processes more likely
Inconsistent policies reduce the deterrent effect of penalties
Current State
Conclusions
Different standards for securing public data with varied security levels risks compromised security at all times
Manual sharing of public data through unofficial processes could lead to release of private data, violating the Kenyan Constitution
Auditing
No auditing practice exists currently
Ad-hoc auditing takes place within the supervision chain of system owners
In absence of universal auditing, processes cannot adhere to proper standards and security violations might go unnoticed
No checks in place could promote mis-use or mis-appropriation of highly sensitive data