Section 12 of Computer Misuse and Cybercrime Act No 5 of 2018: Information sharing agreements
(1) A private entity may enter into an information sharing agreement with a public entity on critical information infrastructure.
(2) An agreement under subsection (1) shall only be entered into for the following purposes and in line with a critical infrastructure framework—
(a) to ensure cyber security;
(b) for the investigation and prosecution of crimes related to cyber security;
(c) for the protection of life or property of an individual; and
(d) to protect the national security of the country.
(3) Prior to the sharing of information under subsection (1), a party to an agreement shall review the information and ascertain whether the information contains personal details that may identify a specific person not directly related to a threat that amounts to a computer and cybercrime and remove such information.
(4) A person shall not, under this Part, share information relating to the health status of another person without the prior written consent of the person to whom the information relates.
Enhance Your Research with Bookmarks and Annotations
Here's how you can use these features:
- To bookmark this page, click the "Bookmark this Page" button below the document title.
- To add an annotation, highlight text in the document and select "Add Annotation" from the toolbar that appears.
- These features are great for organizing your research and keeping track of key information.
- You can view and manage your bookmarks and annotations on your Bookmarks and Annotations page.
- Section 13 - Auditing of critical information infrastructures to ensure compliance
(1) The owner or person in control of a critical information infrastructure shall annually submit a compliance report on the critical information infrastructure to the Committee in line with a...
- Section 14 - Unauthorised access
(1) A person who causes, whether temporarily or permanently, a computer system to perform a function, by infringing security measures, with intent to gain access, and knowing such access is...
- Section 15 - Access with intent to commit further offence
(1) A person who commits an offence under section 14 with intent to commit afurther offence under any law, or to facilitate the commission of a further offence by that person or any other person,...
- Section 16 - Unauthorised interference
(1) A person who intentionally and without authorisation does any act which causes an unauthorised interference, to a computer system, program or data, commits an offence and is liable on conviction,...
- Section 17 - Unauthorised interception
(1) A person who intentionally and without authorisation does any act which intercepts or causes to be intercepted, directly or indirectly and causes the transmission of data to or from a computer...
- Section 18 - Illegal devices and access codes
(1) A person who knowingly manufactures, adapts, sells, procures for use, imports, offers to supply, distributes or otherwise makes available a device, program, computer password, access code or...
- Section 19 - Unauthorised disclosure of password or access code
(1) A person who knowingly and without authority discloses any password,access code or other means of gaining access to any program or data held in any computer system commits an offence and is...
- Section 20 - Enhanced penalty for offences involving protected computer system
(1) Where a person commits any of the offences specified under sections 14,15, 16 and 17 on a protected computer system, that person shall be liable, on conviction, to a fine not exceeding twenty five...
- Section 21 - Cyber espionage
(1) A person who unlawfully and intentionally performs or authorizes or allows another person to perform a prohibited act envisaged in this Act, in order to —
(a) gain access, as provided under...
- Section 22 - False publications
(1) A person who intentionally publishes false, misleading or fictitious data or misinforms with intent that the data shall be considered or acted upon as authentic, with or without any financial...
- Section 23 - Publication of false information
A person who knowingly publishes information that is false in print, broadcast, data or over a computer system, that is calculated or results in panic, chaos, or violence among citizens of the...
- Section 24 - Child pornography
(1) A person who, intentionally —
(a) publishes child pornography through a computer system;
(b) produces child pornography for the purpose of its publication through a computer...
- Section 25 - Computer forgery
(1) A person who intentionally inputs, alters, deletes, or suppresses computer data, resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were...
- Section 26 - Computer fraud
(1) A person who, with fraudulent or dishonest intent—
(a) unlawfully gains;
(b) occasions unlawful loss to another person; or
(c) obtains an economic benefit for oneself or for another person,...
- Section 27 - Cyber harassment
(1) A person who, individually or with other persons, wilfully communicates, either directly or indirectly, with another person or anyone known to that person, commits an offence, if they know or...
- Section 28 - Cybersquatting
A person who, intentionally takes or makes use of a name, business name, trademark, domain name or other word or phrase registered, owned or in use by another person on the internet or any other...
- Section 29 - Identity theft and impersonation
A person who fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person commits an offence and is liable, on conviction,...
- Section 30 - Phishing
A person who creates or operates a website or sends a message through a computer system with the intention to induce the user of a website or the recipient of the message to disclose personal...
- Section 31 - Interception of electronic messages or money transfers
A person who unlawfully destroys or aborts any electronic mail or processes through which money or information is being conveyed commits an offence and is liable on conviction to a fine not exceeding...
- Section 32 - Willful misdirection of electronic messages
A person who willfully misdirects electronic messages commits an offence and is liable on conviction to a fine not exceeding one hundred thousand shillings or to imprisonment for a term not exceeding...
- Section 33 - Cyber terrorism
(1) A person who accesses or causes to be accessed a computer or computer system or network for purposes of carrying out a terrorist act, commits an offence and shall on conviction, be liable to a...
- Section 34 - Inducement to deliver electronic message
A person who induces any person in charge of electronic devices to deliver any electronic messages not specifically meant for him commits an offence and is liable on conviction to a fine not exceeding...
- Section 35 - Intentionally withholding message delivered erroneously
A person who intentionally hides or detains any electronic mail, message, electronic payment, credit and debit card which was found by the person or delivered to the person in error and which ought to...
- Section 36 - Unlawful destruction of electronic messages
A person who unlawfully destroys or aborts any electronic mail or processes through which money or information is being conveyed commits an offence and is liable on conviction to a fine not exceeding...
- Section 37 - Wrongful distribution of obscene or intimate images
A person who transfers, publishes, or disseminates, including making a digital depiction available for distribution or downloading through a telecommunications network or though any other means of...
- Section 38 - Fraudulent use of electronic data
(1) A person who knowingly and without authority causes any loss of property to another by altering, erasing, inputting or suppressing any data stored in a computer, commits an offence and is liable...
- Section 39 - Issuance of false e-instructions
A person authorized to use a computer or other electronic devices for financial transactions including posting of debit and credit transactions, issuance of electronic instructions as they relate to...
- Section 40 - Reporting of cyber threat
(1) A person who operates a computer system or a computer network, whether public or private, shall immediately inform the Committee of any attacks, intrusions and other disruptions to the functioning...
- Section 41 - Employee responsibility to relinquish access codes
(1) An employee shall, subject to any contractual agreement between the employer and the employee, relinquish all codes and access rights to their employer's computer network or system immediately...
- Section 42 - Aiding or abetting in the commission of an offence
(1) A person who knowingly and willfully aids or abets the commission of any offence under this Act commits an offence and is liable, on conviction, to a fine not exceeding seven million shillings or...
- Section 43 - Offences by a body corporate and limitation of liability
(1) Where any offence under this Act has been committed by a body corporate—
(a) the body corporate is liable, on conviction, to a fine not exceeding fifty million shillings; and
(b) every person...
- Section 44 - Confiscation or forfeiture of assets
(1) A court may order the confiscation or forfeiture of monies, proceeds,properties and assets purchased or obtained by a person with proceeds derived from or in the commission of an offence under...
- Section 45 - Compensation order
(1) Where the court convicts a person for any offence under this Part, or foran offence under any other law committed through the use of a computer system, the court may make an order for the payment...
- Section 46 - Additional penalty for other offences committed through use of a computer system
(1) A person who commits an offence under any other law through the use of a computer system commits an offence and shall be liable on conviction to a penalty similar to the penalty provided under...
- Section 47 - Scope of procedural provisions
(1) All powers and procedures under this Act are applicable to and may beexercised with respect to any —
(a) criminal offences provided under this Act;
(b) other criminal offences committed by means...
- Section 48 - Search and seizure of stored computer data
(1) Where a police officer or an authorised person has reasonable grounds to believe that there may be in a specified computer system or part of it, computer data storage medium, program, data,...
- Section 49 - Record of and access to seized data
(1) Where a computer system or data has been removed or rendered inaccessible, following a search or a seizure under section 48, the person who made the search shall, at the time of the search or as...
- Section 50 - Production order
(1) Where a police officer or an authorised person has reasonable grounds tobelieve that —
(a) specified data stored in a computer system or a computer data storage medium is in the possession or...
- Section 51 - Expedited preservation and partial disclosure of traffic data
(1) Where a police officer or an authorised person has reasonable grounds to believe that —
(a) any specified traffic data stored in any computer system or computer data storage medium or by means of...
- Section 52 - Real-time collection of traffic data
(1) Where a police officer or an authorised person has reasonable grounds to believe that traffic data associated with specified communications and related to the person under investigation is...
- Section 53 - Interception of content data
(1) Where a police officer or an authorised person has reasonable grounds to believe that the content of any specifically identified electronic communications is required for the purposes of a...
- Section 54 - Obstruction and misuse of power
(1) A person who obstructs the lawful exercise of the powers under this Part,including destruction of data, or fails to comply with the requirements of this Part is liable, on conviction, to a fine...
- Section 55 - Appeal
Any person aggrieved by any decision or order of the Court made under this Part, may appeal to the High Court or Court of Appeal as the case may be within thirty days from the date of the decision or...
- Section 56 - Confidentiality and limitation of liability
(1) A service provider shall not be subject to any civil or criminal liability, unless it is established that the service provider had actual notice, actual knowledge, or willful and malicious intent,...
- Section 57 - General principles relating to international cooperation
(1) This Part shall apply in addition to the Mutual Legal Assistance Act, 2011 (No. 36 of 2011) and the Extradition (Contiguous and Foreign Countries) Act (Cap. 76).
(2) The Central Authority may...
- Section 58 - Spontaneous information
(1) The Central Authority may, subject to this Act and other relevant law, without prior request, forward to a foreign State information obtained within the framework of its own investigations when it...
- Section 59 - Expedited preservation of stored computer data
(1) Subject to section 57, a requesting State which has the intention to make a request for mutual legal assistance for the search or similar access, seizure or similar securing or the disclosure of...
- Section 60 - Expedited disclosure of preserved traffic data
Where during the course of executing a request under section 57 with respect to a specified communication, the investigating agency discovers that a service provider in another State was involved in...
- Section 61 - Mutual assistance regarding accessing of stored computer data
(1) Subject to section 57, a requesting State may request the Central Authority to search or similarly access, seize or similarly secure, and disclose data stored by means of a computer system located...
- Section 62 - Trans-border access to stored computer data with consent or where publicly available
A police officer or authorised person may, subject to any applicable provisions of this Act —
(a) access publicly available stored computer data, regardless of where the data is located...