Spotlight on Namibia’s absent data laws RITA KAKELO-IRENE-MARI VAN DER WALT WINDHOEK
The Institute for Public Policy Research (IPPR) says the data and privacy protection law being crafted should provide clear guidelines on how to address data breaches.
Speaking to Namibian Sun yesterday, IPPR’s Research Associate, Frederico Links says such a law should specify when and how affected parties must notify customers in the event of a data breach.
His remarks come at a time when the government is grappling with a serious cybersecurity incident which saw its telecommunication’s parastatal, Telecom Namibia being hacked, and sensitive information of clients being leaked.
Telecom fell prey to a ransomware attack which led to 626.3 gigabytes of data being compromised, subsequently compromising the information of over 500 000 Telecom clients.
The incident has sparked public outrage among Namibians, citing the glaring lack of a robust legal framework to protect citizens and their data entrusted to third parties for service provision.
Links accused both Telecom Namibia and the Communications Regulatory Authority of Namibia (CRAN) of failing to adequately and timeously notify clients whose data fell into the wrong hands.
“Both entities only notified the public long after the incident became known. In fact, it appears Telecom Namibia intentionally tried to obscure the breach, which is not an appropriate response to such a serious cybersecurity issue involving customers’ personal and private information,” Links explained.
One far-reaching implication of the reported Telecom cyberattack is the potential exposure of banking details, as many users pay for Wi-Fi or other services through debit orders or online transactions, according to research findings.
As of yesterday, FNB Namibia confirmed that there had been no direct communication between the bank and Telecom Namibia regarding the reported cyberattack.
Tracy Eagles, Chief Marketing Officer of FirstRand Namibia, stated: “We do not have the full details of Telecom’s incident and therefore cannot speak to which specific cybersecurity measures are relevant to the potential issue. However, we urge our customers to remain vigilant by not sharing any passwords, OTPs or any other personal details relevant to their bank accounts.”
DATA LAWS
For the past ten years, efforts by the Ministry of Information and Communication Technology (MICT) have focused on tabling the Data Protection Bill, but it has not come to fruition yet.
In a paper released recently, ENS Africa noted that Namibia currently lacks comprehensive data protection legislation in line with the constitutional right to privacy and other laws such as the Labour Act and the Financial Intelligence Act, leaving personal data processing unregulated.
“Namibia’s Data Protection Bill of 2023 is still in its early legislative steps and must undergo further parliamentary review before it is passed into law. Although the Bill is not yet in force, drawing from the experience of neighbouring countries and other jurisdictions which have active privacy laws, organisations in Namibia must take proactive steps to pre-empt such laws and start examining their implications due to the significant role data protection and digital privacy currently play,” the firm stated.
Speaking to Namibian Sun yesterday, IPPR’s Research Associate, Frederico Links says such a law should specify when and how affected parties must notify customers in the event of a data breach.
His remarks come at a time when the government is grappling with a serious cybersecurity incident which saw its telecommunication’s parastatal, Telecom Namibia being hacked, and sensitive information of clients being leaked.
Telecom fell prey to a ransomware attack which led to 626.3 gigabytes of data being compromised, subsequently compromising the information of over 500 000 Telecom clients.
The incident has sparked public outrage among Namibians, citing the glaring lack of a robust legal framework to protect citizens and their data entrusted to third parties for service provision.
Links accused both Telecom Namibia and the Communications Regulatory Authority of Namibia (CRAN) of failing to adequately and timeously notify clients whose data fell into the wrong hands.
“Both entities only notified the public long after the incident became known. In fact, it appears Telecom Namibia intentionally tried to obscure the breach, which is not an appropriate response to such a serious cybersecurity issue involving customers’ personal and private information,” Links explained.
One far-reaching implication of the reported Telecom cyberattack is the potential exposure of banking details, as many users pay for Wi-Fi or other services through debit orders or online transactions, according to research findings.
As of yesterday, FNB Namibia confirmed that there had been no direct communication between the bank and Telecom Namibia regarding the reported cyberattack.
Tracy Eagles, Chief Marketing Officer of FirstRand Namibia, stated: “We do not have the full details of Telecom’s incident and therefore cannot speak to which specific cybersecurity measures are relevant to the potential issue. However, we urge our customers to remain vigilant by not sharing any passwords, OTPs or any other personal details relevant to their bank accounts.”
DATA LAWS
For the past ten years, efforts by the Ministry of Information and Communication Technology (MICT) have focused on tabling the Data Protection Bill, but it has not come to fruition yet.
In a paper released recently, ENS Africa noted that Namibia currently lacks comprehensive data protection legislation in line with the constitutional right to privacy and other laws such as the Labour Act and the Financial Intelligence Act, leaving personal data processing unregulated.
“Namibia’s Data Protection Bill of 2023 is still in its early legislative steps and must undergo further parliamentary review before it is passed into law. Although the Bill is not yet in force, drawing from the experience of neighbouring countries and other jurisdictions which have active privacy laws, organisations in Namibia must take proactive steps to pre-empt such laws and start examining their implications due to the significant role data protection and digital privacy currently play,” the firm stated.
Comments
Namibian Sun
No comments have been left on this article