Section 40 of Computer Misuse and Cybercrime Act No 5 of 2018: Reporting of cyber threat
(1) A person who operates a computer system or a computer network, whether public or private, shall immediately inform the Committee of any attacks, intrusions and other disruptions to the functioning of another computer system or network within twenty four hours of such attack, intrusion or disruption.
(2) A report made under subsection (1) shall include—
(a) information about the breach, including a summary of any information that the agency knows on how the breach occurred;
(b) an estimate of the number of people affected by the breach;
(c) an assessment of the risk of harm to the affected individuals; and
(d) an explanation of any circumstances that would delay or prevent the affected persons from being informed of the breach.
(3) The Committee may propose the isolation of any computer systems or network suspected to have been attacked or disrupted pending the resolution of the issues.
(4) A person who contravenes the provisions of subsection (1) commits an offence and is liable upon conviction a fine not exceeding two hundred thousand shillings or imprisonment for a term not exceeding two years, or to both.
Enhance Your Research with Bookmarks and Annotations
Here's how you can use these features:
- To bookmark this page, click the "Bookmark this Page" button below the document title.
- To add an annotation, highlight text in the document and select "Add Annotation" from the toolbar that appears.
- These features are great for organizing your research and keeping track of key information.
- You can view and manage your bookmarks and annotations on your Bookmarks and Annotations page.
- Section 41 - Employee responsibility to relinquish access codes
(1) An employee shall, subject to any contractual agreement between the employer and the employee, relinquish all codes and access rights to their employer's computer network or system immediately...
- Section 42 - Aiding or abetting in the commission of an offence
(1) A person who knowingly and willfully aids or abets the commission of any offence under this Act commits an offence and is liable, on conviction, to a fine not exceeding seven million shillings or...
- Section 43 - Offences by a body corporate and limitation of liability
(1) Where any offence under this Act has been committed by a body corporate—
(a) the body corporate is liable, on conviction, to a fine not exceeding fifty million shillings; and
(b) every person...
- Section 44 - Confiscation or forfeiture of assets
(1) A court may order the confiscation or forfeiture of monies, proceeds,properties and assets purchased or obtained by a person with proceeds derived from or in the commission of an offence under...
- Section 45 - Compensation order
(1) Where the court convicts a person for any offence under this Part, or foran offence under any other law committed through the use of a computer system, the court may make an order for the payment...
- Section 46 - Additional penalty for other offences committed through use of a computer system
(1) A person who commits an offence under any other law through the use of a computer system commits an offence and shall be liable on conviction to a penalty similar to the penalty provided under...
- Section 47 - Scope of procedural provisions
(1) All powers and procedures under this Act are applicable to and may beexercised with respect to any —
(a) criminal offences provided under this Act;
(b) other criminal offences committed by means...
- Section 48 - Search and seizure of stored computer data
(1) Where a police officer or an authorised person has reasonable grounds to believe that there may be in a specified computer system or part of it, computer data storage medium, program, data,...
- Section 49 - Record of and access to seized data
(1) Where a computer system or data has been removed or rendered inaccessible, following a search or a seizure under section 48, the person who made the search shall, at the time of the search or as...
- Section 50 - Production order
(1) Where a police officer or an authorised person has reasonable grounds tobelieve that —
(a) specified data stored in a computer system or a computer data storage medium is in the possession or...
- Section 51 - Expedited preservation and partial disclosure of traffic data
(1) Where a police officer or an authorised person has reasonable grounds to believe that —
(a) any specified traffic data stored in any computer system or computer data storage medium or by means of...
- Section 52 - Real-time collection of traffic data
(1) Where a police officer or an authorised person has reasonable grounds to believe that traffic data associated with specified communications and related to the person under investigation is...
- Section 53 - Interception of content data
(1) Where a police officer or an authorised person has reasonable grounds to believe that the content of any specifically identified electronic communications is required for the purposes of a...
- Section 54 - Obstruction and misuse of power
(1) A person who obstructs the lawful exercise of the powers under this Part,including destruction of data, or fails to comply with the requirements of this Part is liable, on conviction, to a fine...
- Section 55 - Appeal
Any person aggrieved by any decision or order of the Court made under this Part, may appeal to the High Court or Court of Appeal as the case may be within thirty days from the date of the decision or...
- Section 56 - Confidentiality and limitation of liability
(1) A service provider shall not be subject to any civil or criminal liability, unless it is established that the service provider had actual notice, actual knowledge, or willful and malicious intent,...
- Section 57 - General principles relating to international cooperation
(1) This Part shall apply in addition to the Mutual Legal Assistance Act, 2011 (No. 36 of 2011) and the Extradition (Contiguous and Foreign Countries) Act (Cap. 76).
(2) The Central Authority may...
- Section 58 - Spontaneous information
(1) The Central Authority may, subject to this Act and other relevant law, without prior request, forward to a foreign State information obtained within the framework of its own investigations when it...
- Section 59 - Expedited preservation of stored computer data
(1) Subject to section 57, a requesting State which has the intention to make a request for mutual legal assistance for the search or similar access, seizure or similar securing or the disclosure of...
- Section 60 - Expedited disclosure of preserved traffic data
Where during the course of executing a request under section 57 with respect to a specified communication, the investigating agency discovers that a service provider in another State was involved in...
- Section 61 - Mutual assistance regarding accessing of stored computer data
(1) Subject to section 57, a requesting State may request the Central Authority to search or similarly access, seize or similarly secure, and disclose data stored by means of a computer system located...
- Section 62 - Trans-border access to stored computer data with consent or where publicly available
A police officer or authorised person may, subject to any applicable provisions of this Act —
(a) access publicly available stored computer data, regardless of where the data is located...
- Section 63 - Mutual assistance in the real-time collection of traffic data
(1) Subject to section 57, a requesting State may request the Central Authority to provide assistance in real-time collection of traffic data associated with specified communications in Kenya...
- Section 64 - Mutual assistance regarding the interception of content data
(1) Subject to section 57, a requesting State may request the Central Authority to provide assistance in the real-time collection or recording of content data of specified communications in the...
- Section 65 - Point of contact
(1) The Central Authority shall ensure that the investigation agency responsible for investigating cybercrime, shall designate a point of contact available on a twenty-four hour, seven-day-a-week...
- Section 66 - Territorial jurisdiction
(1) Any court of competent jurisdiction shall try any offence under this Act where the act or omission constituting the offence is committed in Kenya.
(2) For the purposes of subsection (1), an act...
- Section 67 - Forfeiture
The court before which a person is convicted of any offence may, in addition to any other penalty imposed, order the forfeiture of any apparatus, device or thing to the Authority which is the subject...
- Section 68 - Prevailing Clause
Whenever there is a conflict between this Act and any other law regarding cybercrimes, the provisions of this Act shall supersede any such other law.
- Section 69 - Consequential Amendments
The laws specified in the first column of the Schedule are amended, in the provisions specified in the second column thereof, in the manner respectively specified in the third column.
- Section 70 - Regulations
(1) The Cabinet Secretary may make regulations generally for the better carrying into effect of any provisions under this Act.
(2) Without prejudice to the foregoing, regulations made under this...