Data legislation, governance and policy/Abraham M Keetshabe
NATIONAL WORKSHOP ON OPEN DATA OPEN SCIENCE,
UNIVERSITY OF BOTSWANA CONFERENCE CENTRE
30 OCTOBER 2017
DATA LEGISLATION, GOVERNANCE AND POLICY
Adv. Abraham M Keetshabe
Attorney General of Botswana
National ICT Policy
The development of the National ICT Policy of Botswana actively involved a
wide range of participants from the public and private sectors, as well as the
civil society. A National Steering Committee and seven Taskforces,
comprising experts from around the country, were established to assist in
developing the policy. The Taskforces examined effective application of ICT
in the following 7 areas:
• Community Access and Development
• Economic Development and Growth of the ICT Sector
• Infrastructure and Security
• Legislation and Policy. 2
Maitlamo, Botswana’s National Information and Communications Policy was approved
by the National Assembly in August 2007.
Policy provides Botswana with a clear and compelling roadmap that will drive social,
economic, cultural and political transformation in the years ahead through the effective
use of ICT.
Policy supported Vision 2016 and still supports the current Vision 2036.
The Policy acts as an enabler for economic growth and national development of
Policy provides that national connectivity will help draw communities closer together and
facilitate economic growth and development in all regions of the country. Batswana will
have access to data and information that will assist them in their everyday lives.
On-line information on employment, community development, healthcare, education and
government services all feature prominently in the Policy’s recommendations. Increased
levels of e-commerce will enable local companies to compete in the global marketplace,
and the development of a vibrant and entrepreneurial ICT sector will create further
employment, greater economic diversification and boost investor confidence.
Paragraph 6.8.5 of the Maitlamo Policy provides that:
“Specific initiatives for the Connectivity Laws and Policies Programme include:
Media neutral legislation to deal with electronic documents (e-Commerce
Amendments to specific legislation, including the Criminal Procedure and
Evidence Act, the Authentication of Documents Act, and the Foreign Documents
Development of policy and possibly legislation dealing with electronic
Development of policy and possibly a combination of legislation and
industry codes of conduct to deal with the protection of personal privacy,
particularly in the context of cross-border data flow, health care and
financial services and transactions.”
The Botswana Government e-Legislation programme gives meaning to this
Maitlamo on Legislative Infrastructure
Development of legal & regulatory
framework is at embryonic stage, work
having started in earnest in the year 2010.
March 1 – May 7, 2010 May 12 -28, 2010 Jun 1 – 30, 2010 Jul 2 – 30, 2010
ICT Policy and Legislative Framework Development
• Gain feedback on
the identified lists
• Gain feedback on
study tour report
• Gain feedback on
Preparation for Drafting
•Identify key stakeholders
•Review Terms and Conditions for e-Legislation
Advisory and Consulting Services
•Train stakeholders on drafting procedures
•Engage lead Ministry on a one-to-one discussions to
clarify their roles
•Appoint task force for various legislation
•Agree on drafting schedules
Identification of Policies and Legal
•List of existing policies and laws
•List of policies and laws requiring revision
•List of new laws and policies to be developed
Prepare benchmark and study
•Review presentations and documents
•Highlight lessons learnt and
•Prioritise identified policies and legislation
• Finalised list
• Task Teams
Capacity Building for the Legislative
• Develop training plan and secure funding
On Going Well
Data Protection – new legislation required – ongoing.
Electronic Commerce - new legislation required – done.
Electronic signatures - new legislation required – done.
These 2 have been combined to generate the Electronic
Communications and Transactions Act.
Cybercrime and Computer Related Crimes Act – review existing
Act – ongoing.
Electronic Evidence Bill – review existing Bill – done and
Botswana Government e-Legislation
The availability of data has increased exponentially during the
last couple of decades. Notice the term used is data, not
The term information implies that data has been analyzed in a
clear and useful manner. Good information always contains
Since some data is collected without any defined goal in mind,
not all data can result in useful information.
The Dictionary defines the word “data” simply as facts and statistics collected together
for reference or analysis.
The 2012 African Union (AU) Convention on Cyber Security in Africa provides the
following legal definition for the below listed types of data:
“Personal data” – any information relating to an identified or identifiable natural person
by which this person can be identified , directly or indirectly in particular by reference to
an identification number or to one or more factors specific to his/her physical,
physiological, mental, economic, cultural or social identity.
“Sensitive data” – all personal data relating to religious, philosophical, political and
trade-union opinions and activities, as well as to sex life or race, health, social measures,
legal proceedings and penal or administrative sanctions.
“Health data”- all information relating to the physical or mental state of the data subject,
including the aforementioned genetic data.
“Data subject” – any natural person that is the subject of personal data processing.
WHAT IS DATA?
Personal Data Protection
The Government of Botswana recognises that the introduction of electronic
commerce and e-services will bring about increased opportunities for the abuse of
personal data. For this reason, the drafting of the Data Protection Act has been
identified as a priority.
A draft of the Bill has been completed and consultations are ongoing.
Examples of "personal data" are: address, national identity card, credit card number,
bank statements, criminal record, etc.
Main purpose of data protection legislation is to ensure that personal data is not
processed without the knowledge and, except in certain cases, the consent of the data
To ensure that personal data which is processed is accurate, and to enforce a set of
standards for the processing of such information.
This legislation sets out principles of good information handling so as to guarantee
the protection of personal information. It protects the individual’s right to privacy
with respect to the processing of data and ensures that personal data is only processed
in accordance with set requirements.
Principles of Personal Data Protection
The Bill covers the well known principles of personal data protection:
Personal data is processed fairly and lawfully;
Personal data is always processed in accordance with good practice;
Personal data is only collected for specific, explicitly stated and legitimate purpose;
Personal data is not processed for any purpose which is incompatible with that for which the
information was originally collected;
Personal data that is processed is adequate and relevant in relation to the purposes of
Personal data that is processed is correct, and if necessary, up to date;
All reasonable measures are taken to complete, correct, block or erase data to the extent that
such data is incomplete or incorrect, having regard to the purposes for which they are
Data Collectors such as educational institutions, employers and banks are obliged to inform
individuals of the reasons for collecting information about them; that individuals are assured
that the data collected will not be used for any purpose other than that which has been specified
by the data collector; that explicit consent from individuals is necessary in order to process
sensitive personal data (data that reveals race, ethnic origin, political opinion, religious or
philosophical beliefs, health, sex life); 12
Data Regulatory Authority
The Office of Commissioner of Data Protection be established and
amongst others, the Commissioner be responsible for supervising
implementation and enforcement of the Data Protection Act, with
particular emphasis on ensuring that the individual’s right to
privacy is protected and upheld and that processing is done in
such a way that data is secure as well as to guard against
unauthorised access, alteration, disclosure, destruction of personal
data and that it is processed in a manner consistent with the law.
Further, the law seeks to establish a Tribunal whose primary
function is to hear appeals from any person aggrieved by a
decision of the Commissioner of Data Protection.
While Botswana is somehow behind in enacting legislation on
personal data protection, there is some measureable progress in
the sense that the drafting of the Bill has been completed. The
process of presenting this Bill to Parliament is ongoing.
Cyber security by its nature transcends all boundaries. There is
need to adopt a multinational approach that will bring together
all countries irrespective of distance.
This calls for appropriate coordination and collaboration as well
as uniformity in procedures and processes. Notably, there are
various means of achieving this crucial exercise; and these
should be explored.
Botswana, or any other country, cannot succeed in the
implementation of its ICT Policy unless cogent action, in terms of
legislation, is taken to deal with these issues.
ACHIEVING PROSPERITY FOR ALL
Questions and/or Answers