CYBER SECURITY AND DATA PROTECTION BILL, 2019

Memorandum

The purpose of this Bill is to consolidate cyber-related offences and provide for data protection with due regard to the Declaration of Rights under the Constitution and the public and national interest, to establish a Cyber Security Centre and a Data Protection Authority, to provide for their functions, to provide for investigation and collection of evidence of cyber crime and unauthorised data collection and breaches, and to provide for admissibility of electronic evidence for such offences. It will create a technology-driven business environment and encourage technological development and the lawful use of technology.

The main provisions of the Bill are explained below:

Part I

Clause 1 sets out the short title and date of commencement.

Clause 2 provides for the objects of the Bill, which are to curb cyber crime and promote cyber security in order to build confidence and trust in communication networks.

Clause 3 provides for the definitions of the terms used in this Bill.

Clause 4 sets out the scope of application of the Bill to include the processing of data wholly or partly by automated means.

Part II

Clause 5 provides for the designation of the Cyber Security Centre within the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ).

Clause 6 provides for the functions of the Cyber Security Centre, which shall be, among other functions, to advise Government and implement Government Policy on cyber crime and cyber security. The Cyber Security Centre shall also promote and coordinate activities focused on improving cyber security and prevention of cyber crime.

Part III

Clauses 7 and 8 provide for the designation of the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) as Data Protection Authority and the functions thereof.

Parts IV and V

Clauses 9 to 14 provide the minimum standards and general rules for a data controller for the processing of data.

Part VI

Clauses 15 to 18 provide for the levels of security, integrity and confidentiality of data controllers or their representatives in the protection of data from destruction, unauthorised alteration or access and other unauthorised processing, and the notification of the Authority of any security breaches.

Clauses 19 and 20 provide for the notification of the Authority of the processing of data by any automated means and the scope of such notification.

Clauses 21 and 22 require the Authority to establish the form and manner of notification provided in clauses 19 and 20 and the keeping of a register of such notifications.
