Definition of Data

Data is not defined

Main Focus of Document

Regulates the use of information and also how communications are managed

Target Beneficiaries or Sector

Government, Citizens

Key Elements

The Act encompasses regulations for various areas, including computer misuse and cybercrime; electronic records and electronic signatures; electronic transactions and e-government services. Key details include:

137. (1) Information and communications service providers shall be authorized to process the personal data of end-users and subscribers, to the extent required and necessary:  
      (a) for their identification for the purpose of drawing up contracts for information and communications services;  
      (b) to define and amend the contents of these contracts;  
      (c) to monitor contractual performance, billing charges and fees as contracted; and  
      (d) for enforcing any related claims.  
(2) Information and communications service 
Providers shall be authorized to process personal data in connection with billing charges for information and communications services, to the extent required and necessary for calculating and billing charges, in particular, the data relating to the date, the duration and place of the service to which it pertains.  
 (3) In addition to the identification and other personal data referred to in subsections (1) and (2), information and communications service providers may also process the type of personal data which is technically essential for the provision of services.  
 (4) Information and communications service providers shall use in their operations for providing information and communications services only the type of information and communications apparatuses which have sufficient facilities to ensure that personal data is processed only where it is absolutely necessary in terms of the provision of services and for the implementation of other objectives specified in this Act.  
(5) Information and communications service providers shall delete any personal data from its records that is used for purposes other than those defined in subsections (1) to (3) immediately on gaining knowledge of an unlawful data processing.  
 (6) The provision of information and communications services shall not be rendered contingent on the user providing consent for processing his or her personal data for purposes other than those defined in subsections (1) to (3). 
 (7) Information and communications service providers shall enable the end-users to have access to information concerning the type of personal data the service provider is processing and the objectives, at any time before and during the use of the information and communications services.  
 
163. (1) Subject to subsections (2) and (3), a person who causes a computer system to perform a function, knowing that the access he or she intends to secure is unauthorized, commits an offence and is liable on conviction to a fine of two hundred thousand dalasis or imprisonment for a term not exceeding five years, or to both the fine and imprisonment. 
 (2) A person shall not be liable under subsection (1) where he or she: 
 (a) is a person with a right to control the operation or use of the computer system and exercises such right in good faith; 
 (b) has the express or implied consent of the person, empowered to authorise him or her, to have such an access; 
 (c) has reasonable grounds to believe that he or she had the consent as specified in paragraph (b); 
 (d) is acting pursuant to measures that can be taken under this Act; or 
 (e) is acting in reliance of any statutory power arising under any enactment for the purpose of obtaining information, or of taking possession of, any document or other property. 
 (3) access by a person to a computer system is unauthorized where the person: 
 (a) is not himself or herself entitled to control access of the kind in question; and 
 (b) does not have consent to access by him or herself of the kind in question from any person who is so entitled. 
 (4) For the purposes of this section, it is immaterial that the unauthorized access is not directed a: 
 (a) any particular programme or data; 
 (b) a programme or data of any kind; or 
 (c) a programme or data held in any particular computer system. 

Policy/Regulation Mirrors

n/a