“In Zimbabwe, data is very safe. The government has taken measures to ensure that data is very safe. While many government bodies have established endpoint security policies, they do not have the right security management software and laws to enforce them. Users continue to run software that is either unauthorized or is without the latest patches, opening the doors to cyber criminals and cyber terrorists. Users can also remove data from government networks via removable devices or media and if the data is not encrypted, sensitive information can be exposed. Apart from the investment in equipment and software that protects data; the Zimbabwean government has gone a step further to use legislation that protects data. The following are existing data protection laws. The New Constitution, Courts and Adjudicating Authorities (Publicity Restrictions) Act Chapter 7:04, Census and Statistics Act Chapter 10:05, Banking Act Chapter 24:20, National Registration Act Chapter 10:17, Interception of Communications Act Chapter 11:20, Access to Information and Protection of Privacy Act Chapter 10:27.
The constitution of Zimbabwe provides for the right to privacy which applies to everyone. Access to information is provided for and applies to everyone, and for information held by the State or by any person and for the latter to the extent that the information is required for the exercise or protection of a right. Courts and Adjudicating Authorities (Publicity Restrictions) Act Chapter 7:04, regulates and restricts attendance at and publication of proceedings of courts and adjudicating authorities. Section 3, restriction of disclosure of proceedings where the court or adjudicating authority considers it necessary or expedient to do so either at its instance or that of the party involved. Publication of the name, address or other information likely to reveal the identity of any person concerned or mentioned can be withheld if it would cause prejudice or is likely to cause prejudice to the party or if it’s in the interest of justice. Census and Statistics Act provides for a census to be held on such other particulars whatsoever; as shall be prescribed, which involves the collection of data, Section 10: restricts disclosure of information collected which enables the identification of the person taking part in the census unless they are employed in carrying out the provisions of the Act Section 13 also creates offences and penalties for unlawful use and disclosure of any information collected. Banking Act Chapter 24:20 Sections 76 & 77 restrict the disclosure and use of collected information by the Registrar of the Reserve Bank, his representatives or employees, a curator or an auditor of the Banking Institution, but does not however deal with the Banking Institutions specifically. National Registration Act Chapter 10:17 the Registrar-General must keep in safe custody any information acquired in the performance of his duties. All persons who are employed in carrying out the provisions of the Act are required to keep secret and aid in keeping secret all information coming to their knowledge in the exercise of their duties.
Interception of Communications Act Chapter 11:20 no person is allowed to intercept any communication in the course of its transmission unless, he or she is a party to the communication; or he or she has the consent of the person to whom, or the person by whom, the communication is sent; or he or she is authorized by a warrant. Unlawful Interception attracts a penalty of a fine of up to US$5000 or imprisonment of up to 5years. Access to Information and Protection of Privacy Act Chapter 10:27 provides members of the public with a right of access to records and information held by public bodies; and makes public bodies accountable by giving the public a right to request correction of misrepresented personal information; to prevent the unauthorized collection, use or disclosure of personal information by public bodies; to protect personal privacy.” – Soul Nyangoni – Harare, Zimbabwe