Upload
ict-authority
View
220
Download
0
Embed Size (px)
Citation preview
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 1/43
Developing an enabling legal and regulatory frameworkfor e-Government services in Kenya
Final Presentation - Nairobi, 17th March 2011IBM Corporate Services Corps – Team Kenya 2 – Subteam Chui
Anna Choi (KR), Nimeesh Kaushal (CA), Luan Nio (CH), Dave Sloan (US)
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 2/43
2
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Agenda
• Project Overview and Approach
• Current state of Kenya e-Government
• Recommendations
– Global best practices and Key Principles in e-Government legalframeworks
– Sample legislation that highlights critical e-Government elements – Implementation action plan
• Q&A
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 3/43
3
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Agenda
• Project Overview and Approach
• Current state of Kenya e-Government
• Recommendations
– Global best practices and Key Principles in e-Government legalframeworks
– Sample legislation that highlights critical e-Government elements – Implementation action plan
• Q&A
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 4/43
4
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
IBMs view on a Smarter Government
Source: IBM Institute for Business Value, The State of Smarter Government, 2010
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 5/43
5
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Getting Kenya to the next maturity level in eGovernment
Source: Booz Allen Hamilton, Beyond e-Government, 2005
Kenya Today
Kenya Tomorrow
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 6/43
6
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Objectives and Scope of this assignment
• Develop legal and regulatory framework tosupport e-Government services Facilitate the adoption of e-Government
servicesMaximize their effectiveness Ensure their sustainability
WHAT
• Gap analysis on international best practiceson data access framework
• Focus on elements of the identified NationalData and Public Services challenges• Review of the current state of the art• Identify unique opportunities or constraints
that exist in Kenya via interviews• Distill inputs into key principles that can be
enshrined in legal and regulatory policy
HOW
• 2 months preparation in home countries(December – February)
• 1 month in-country, based in Nyeri, meetingsin Nyeri and Nairobi (February – March)
• Presentation and Final Deliverables on March17th
WHEN
• Vision 2030
• Constitution• Relevant statutes
(e.g. KenyaCommunications Act)
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 7/43
7
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Top 10 e-Government countries
Source: United Nations eGovernment Survey 2010
The e-Government Development Index is the UN’s ranking system, from 0 to 1, used toindicate the level of maturity of e-government services.
The above 4 countries are well represented in our team composition
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 8/43
8
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Focus Areas
Universal primary
keys to uniquelyidentify people,
companies, assets,etc. across all
government dataholdings
Centralized,
exhaustivesystems for
people,companies, assets,
etc. available foruniversal referenceand cross-cutting
analytics
Require systems to
refer to andcoordinate withNational Data
Warehouses whenthey exist
Shifting from data
ownership to datastewardship,
facilitating re-useof public sector
information
Standard
identification,permission andenforcement ofprotected data,and guaranteedcitizen access to
data
Authority to require
adherence to acommon data
security standard,including audit
Standard KeysNational DataWarehouses
PreventingRedundantSystems
PublicOwnership ofPublic Data
Definition of,access to and
penalties forillegal access
to privateversus public
data
Security ofpublic data
Based on our analysis, we have identified 6 major areas you need to focus on
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 9/43
9
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Interviews and Visits
1. Dr. Katherine Getao, ICT Secretary, Director ofeGovernment
2. Mary Muchene, District Commissioner, District ofNyeri
3. Jane Otoko, Head of ICT, Ministry of Immigration& Registration of Persons
4. Patrick Njoroge, Assistant Director ICT in StateLaw Office, Office of Attorney General
5. Zeba Nyikal
6. James Opundo and Nicholas Ongeri - LegalOfficers, Ministry of Immigration & Registration ofPersons
7. Javan Bonaya, Passport Registration Office,Nyayo House, Nairobi
8. Tony Onyango and Maxim Itur, NationalRegistration Bureau, Makadara Station, Nairobi
9. Samuel Lukanu and Bente Were, Birth/DeathRegistration Office, Sheria House, Nairobi
10.Samuel N. Kimotho, District Civil Registrar,Birth/Death Registration Office, Nyeri
11.Michael A. Kana, District Administrative PoliceCommander, Nyeri
12.Vivian Ashioya, IBM Account Manager
13.Citizens
1. Ministry of Immigration and Registration of Persons
2. Department of Immigration, Passport Registration
Office, Nyayo House, Nairobi
3. National Registration Bureau, Makadara Station,Nairobi
4. Civil Registration Department, Sheria House,
Nairobi
5. Civil Registration Department, Nyeri District
VisitsInterviews
1. Stakeholder´s Workshop on e-Government
Strategic Plan, Kenya Institute of Education, 9th
March 2011
Meetings
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 10/43
10
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Agenda
• Project Overview and Approach
• Current state of Kenya e-Government
• Recommendations
– Global best practices and Key Principles in e-Government legalframeworks
– Sample legislation that highlights critical e-Government elements – Implementation action plan
• Q&A
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 11/43
11
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Department of Immigration – HQ Nyayo HousePassport application process
National Registration Bureau – Makadara StationNational ID card application process
Civil Registration Department – Sheria HouseBirth Certificate application process
Because of these time-
consuming, redundant and manual processes, the
criticality for a solid legal framework for e-Government is even more urgent
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 12/43
12
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Focus Areas – Summary of Findings
Potential SharedKeys
•Lack of keys will inhibit interoperability
without entity disambiguation exercises•No consistent shared keys exist across
systems
•IPRS Integrated PIN universal for all
registered Kenyans and registeredforeigners, but largely unknown outside of
IPRS
Citizen andCorporate
Registry
•IPRS represents best current NDW•Lack of universal and real-timecoordination with other repositories leaves
room for fraud and manipulation
•IPRS collects data from many systems•Data exchanges occur ad hoc, in bulk andwith infrequent updates
•No or immature NDW exist in Kenya, butpotential candidates exist
•Finding correct information is time-consuming•Ministries operate inefficiently with
duplicate information collected, often withthe same purpose
InformationRedundancy and
silos / DigitizedInfo.
•Physical sources are distributed acrossministries and districts and are redundantlyarchived
•Requests for information betweenministries are manual, on paper
Shifting from
data ownershipto data
stewardship
•Ownership is asserted in such a way thatit inhibits collaboration and informationsharing•Time-consuming efforts to identifystructures around data governance
•No legislation states who owns data, whoacts as data steward or how public datashould be shared
•No culture of sharing public data
Adherence to a
common data
security standardincl. auditing
•Differing or absent standards for securing
public data risks compromised security at
all times•Security violations go undiscovered
•No uniform mechanism or auditing in
Kenya to protect public data
•Existing legislation KCA 2009 83U and83V, not observed by agencies
Definition,Access control,
Penalties
•Unclear categories yield coarse-graineddata controls which can allow illegal accessto the data
•Unenforced penalties increase the risk ofillegal access
•No definition, distinction or classification ofPII, Sensitive data, Public data•Identified violations are handled in an adhoc fashion, with varying penalties
Security of
public data
Definition of,access to andpenalties for
illegal access toprivate versus
public data
PublicOwnership ofPublic Data
National DataWarehouses
Standard Keys
PreventingRedundantSystems
ConclusionsFindings
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 13/43
13
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Agenda
• Project Overview and Approach
• Current state of Kenya e-Government
• Recommendations
– Global best practices and Key Principles in e-Government legalframeworks
– Sample legislation that highlights critical e-Government elements – Implementation action plan
• Q&A
= Best in Class
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 14/43
14
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Require adherence to standard data formats
Adopt shared formats
• An electronic GovernmentInteroperability Framework (e-GIF) or Data Reference Model(DRM) designates shared keysand standard models for core
entity types• Many existing open standards can
be adopted or customized• Advanced systems will allow for
cancelable identifiers to minimizeimpact of compromise
• In NL, Citizen Service Numbers
(CSN) and Chamber ofCommerce Numbers (CCN) areused for data exchange andsearches in the Key Register ofPersons (MPRD) or KeyCommercial Register
• In KR, a central authority canissue, cancel and re-issue
surrogate keys to identifyindividuals.
Mandate compatibility
• All existing systems are requiredto be interoperable with datastandards within a designatedtimeframe
• All newly procured systems are
required to comply with datastandards
• In UK, the e-GIF set the standard
for many other countries asadoption is mandatory for allpublic information systems
• In US, the Director of the Office ofManagement and Budget isempowered to enforce standardsfor all government systems
Designate an authority toupdate standards
• While core standard fields rarelychange, identification of a role forupdating standards ensuresexpansion to unforeseen fields ofvalue and controls for
technological change
• In EU, Interoperability Solutions
for European PublicAdministrations (ISA) createdEuropean InteroperabilityFramework (EIF) to unify multiplegovernments and is maintained byan identified committee from manymember countries
Global Best Practices and Key Principles
Focus Area 1 – Standard Keys
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 15/43
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 16/43
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 17/43
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 18/43
18
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Eliminate duplicate collection and storage
Share information acrossministries and prohibitredundant digital data
• All government agencies must vettheir information needs againstexisting government holdings
before it can collect or retaininformation
• Information cannot be collectedindependently if it existsaccessibly in any other agency.
• In KR e-Government Law No.10303 Chapter 4, details sharingof administrative information.Article 36 governs theadministration, efficientmanagement and use ofinformation
Integrated registry ofinformation systems
• Ministries must register the typeand extent of information theycollect and provide points of
contact for those collections• Ministries which cannot share
data directly must providemethods by which the informationcan be integrated with otherministries
• In a KR e-Government case, withthe integration of informationresources, USD 100 million inequipment replacement costswere saved between 2009 and2010. Additional USD 400 millionis expected to be saved by 2014.
Organizational structureto plan, manage, andcontrol data across
government
• A role for a central decisionmaking body must be designatedto promote sharing strategy,
enforcing policies throughapproval and budgets andresolving conflicts
• The organizational structureshould be placed in the e-Government directorate in order tosit across ministries and agencies.
• In UK, MOI (Ministry ofInformation) is the organization forthe information subject area.
• In US, OIRA (Office of Informationand Regulatory Affairs)
• In KR, MOPAS (Ministry of PublicAdministration and Security)
Focus Area 3 - Preventing Redundant Systems
Global Best Practices and Key Principles
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 19/43
19
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Focus Area 3 - Preventing Redundant Systems
Sample Legislation
SOUTH KOREA - ELECTRONIC GOVERNMENT ACT
• All government agencies must vet their information needs against existing government holdings before itcan collect or retain information
• Information cannot be collected independently if it exists accessibly in any other agency.
• A role for a central decision making body must be designated to promote sharing strategy, enforcingpolicies through approval and budgets and resolving conflicts
SOUTH KOREA - ELECTRONIC GOVERNMENT ACT
• All government agencies must vet their information needs against existing government holdings before itcan collect or retain information
• Information cannot be collected independently if it exists accessibly in any other agency.
• A role for a central decision making body must be designated to promote sharing strategy, enforcingpolicies through approval and budgets and resolving conflicts
Article 36 (Administration of the efficient management and use of information) ① A minister or principle of any ministries
should provide administrative information which the ministry collect and retain inside to other ministry who require that
information. If they can receive and access trusted data from any other ministry, they should not collect duplicated data independently.
② A minister or principle of any ministries which collect and retain administrative information can permit to share the
information between other ministries and any banks which have a permission of bank business according to Act on Bank,private corporate organizations or agencies which are granted by Presidential Dec Policies.
③ The Minister of the Ministry of Public Administration and Security should develop the list of administrative information which
is hold by any ministry by investigation and distribute it across government ministries and investigate requirement for new administrative information.
Article 37 (sharing of administrative information centers) ① For the sake of effective sharing of administrative information, The
Minister of the Ministry of Public Administration and Security can deploy administrative information center as a center of information sharing across ministries as a subsidiary of his ministry and promote to utilize the center from each ministry in accordance with Presidential Dec Policies
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 20/43
20
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Public data is owned by the people
Data is available to thewidest range of users forthe widest range of
purposes
• Data should be usable forpurposes it was not originallycaptured for
• Involve citizens to make sense ofdata
• Encourage transparency,participation and collaboration
• In US, Open Government
Directive• In UK, interactive portal wherecitizens are asked to come up withinnovative ideas and mobileapplications how they could usepublic data
Make exposed data thedefault and protected data
the exception
• By default, data captured bygovernment bodies should bemade available to the public
• Release key datasets(data.go.ke?)
• Only sensitive or private datashould be protected
• In UK, Transparency Board to
make transparency a core part ofall government business• In KR, Act mandates that
information held and managed bypublic institutions shall bedisclosed
Do not establish dataowners, but assign data
stewards
• Data does not belong to theperson or agency that capturedthe data
• Center of Excellence in datastewardship, directing otheragencies in governing, collecting,managing, storing and distributingdata.
• In UK, Public Data Corporation
• In NZ, Government departmentsare stewards of Government-heldinformation, and it is theirresponsibility to implement goodinformation management.
Focus Area 4 - Public Ownership of Public Data
Global Best Practices and Key Principles
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 21/43
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 22/43
22
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Categorize data appropriately to maximizeproper protection and access
Clear definition andclassification of private
and public data
• The authority to define private andpublic data should be clearlystated in legislation
• All definition and classificationshould be unified across ministries,preferably tied to a data standard.
• In US, FEA DRM (Data ReferenceModel) categorizes governmentinformation in detail level withprivacy designation.
• In UK, e-GIF (e-GovernmentInteroperability Framework) setsout the government's technical
policies and standard datacategories.
Accessibility forauthorized data
• Access to citizen information heldby public institutions should begoverned uniformly by data
category• Authority to determine appropriate
access (e.g. national security,statistical) should be declared inAct
• Individuals should be guaranteedaccess to data about them
• In FI, Personal Data Act - section26 - Right of Access
• In Canada, Privacy Act - Accessto Personal Information - Right ofAccess
• In US, under FOIA, individual hasaccess to the information
government hold
Exclusively definedpenalties and
enforcement role
• Penalties for illegal access shouldbe specified once and appliedbroadly
• An independent enforcement rolewith authority to carry outpenalties must be defined
• In FI, Personal Data Act, chapter38, section 9
• In KR, Act on the Protection ofPersonal Information Chapter 5
Focus Area 5 - Definition of, access to and penalties for illegal
access to private versus public data
Global Best Practices and Key Principles
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 23/43
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 24/43
24
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Secure data while maximizing public access
Control policies owned,supported and practiced to
address risks
• Management, Operator andTechnical control policies are thefoundations for an information
security risk managementprogram.
• Policies are necessary to definerisk management requirementsthat help make reasonable andappropriate risk managementdecisions.
• In US, State of Minnesota,Enterprise Security ControlPolicies
• In EU, Regulation (EC) No45/2001 defines particularmeasures to prevent unauthoriseddisclosure or access, accidental or
unlawful destruction or accidentalloss, or alteration
Utilize uniform standards ofprotection and encryption
• Standards should govern dataacquisition, storage anddisposition, eg.,Data erasure
• Security solutions are required tooffer strong protection againsttampering and unauthorizedaccess
• In UK, the Data Protection Act isused to ensure that personal datais accessible to those whom itconcerns, and provides redress to
individuals if there areinaccuracies
Independent auditingrequired
• Independent chains of commandto guarantee adherence
• Private auditing firms to be given
authority to conduct completeauditing practices
• Real-time auditing is emerging asthe new global best practice
• In US, FISMA (FederalInformation Security ManagementAct) establishes securityguidelines that federal agenciesmust adhere to.
• Agencies are graded on resultsfrom FISMA compliance auditing
Focus Area 6 - Security of Public Data
Global Best Practices and Key Principles
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 25/43
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 26/43
26
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Global Best Practices on Mobile Applications Legislation
1. Expanding legal definitions – Include different types of electronic devices in definitions for
existing and future legislation• e.g. Mobile phones, laptops, smart-phones etc
– Classical definitions in existing legislation may miss new mobile devices
2. New types of information collected about people (location and personal preference)- Collection of information of an individual- GBP: No person may collect, use, or provide the location information of a person or
mobile object without the consent of the person or the
owner of the object (KR act on the protection, use, etc. of location information)- Exceptions when info is to be used for emergency rescue/relief purposes- GBP: A subject of personal location information may withdraw his/her consent for part of the scope of thecollection of personal location information and the terms and conditions, when he/she has given consentunder above point
3. Structure that allows applications of authorization or verification down to mobile devices for conductingany business
- Processes to identify identity for individual authorization from mobile devices- Step-by-step procedure in place to conduct transactions securely using these mobile devices- Mobile e-Signature to satisfy legal requirements as a handwritten signature.- GBP: Directive 1999/93/EC of EU establishes legal framework for e-Signature and certification services.The main provision of the Directive states that an advanced electronic signature based on a qualifiedcertificate satisfies the same legal requirements as a handwritten signature. It is also admissible as evidencein legal proceedings.
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 27/43
27
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Review of draft Kenya´
s Data Protection Act
• Elements of the Draft Data Protection Act may aid in e-Government adoption efforts – Sections 6(a-b) require data security at rest and in transit
• Responsibility assigned to Freedom of Information Act Commission
– Sections 7(1)(a-b) guarantee personal access to personal data
– Section 9 requires that data be up-to-date, complete and accurate – Section 22 protects against agency liability for data disclosed in good faith
• Elements of the Draft Data Protection Act pose serious concerns to e-Government adoption efforts
– Sections 3(1)(a)(ii)(b) requires all personal data be collected from individuals
• May prevent lookup from existing data stores – Sections 11 prevents data collected for one purpose being used for another• May prevent creation of National Data Warehouses
– Section 12 Prohibits sharing data with other agencies unless authorized• Directly inhibits data sharing• Authorization schemes are not yet in place• Unclear status of data collected prior to the existence of authorization schemes
– Section 13 prevents unique IDs from being used across agencies• Prohibits the use of shared keys, inhibiting data sharing
• No exemptions or processes are made for interagency government data sharing – Many countries adopt these caveats to the OECD Privacy Principles
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 28/43
28
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Agenda
• Project Overview and Approach
• Current state of Kenya e-Government
• Recommendations
– Global best practices and Key Principles in e-Government legalframeworks
– Sample legislation that highlights critical e-Government elements – Implementation action plan
• Q&A
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 29/43
29
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Implementation Strategy SummaryObtaining new authority
Constitution Legislation RegulationLong processMost rigid
Put in place immediately
More easily discarded
Silo´́́́ed versus cross-cutting
E-Gov
M
i n i s t r y A
M
i n i s t r y B
M
i n i s t r y C
M
i n i s t r y D
M
i n i s t r y E
Legisla tion
Regul at io n
Incremental versus Plenary implementation
Big BangOne e-Government Act
Separate components
Elements in various Acts
Solo versus Partnership in Public Service provision
Per department Public-Private PartnershipPublic-Public Partnership
L l d l t f k f G t i i K
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 30/43
30
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
1. Amend currentauthorities in theKenyaCommunications
Act to point toDeG
2. Include DeG´sauthorities innew legislation
3. Include coredata entity types,standard keysand categories in
new legislation
4. Per data entitytype, define thefields, format andsensitivity level
5. Designatesystems to serveas centralrepositories foreach data asset
6. Makeinventory ofdata andsystems across
ministries
7. Pilot datacentralizationefforts for aselected regionand selectedfunction
8. Include datastewardship andopengovernment
directives in newlegislation
9. Create a pilotwebsite whereselected keypublic data setsare published
10. Allow bylaw for privateorganisationsto participate in
providinggovernmentservices
The following steps should be implemented immediately
Partnerships Data
availability
Single source Define &
Designate
Obtain the
mandate
”Monday Morning” Action Plan
Legal and regulatory framework for e Government services in Kenya
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 31/43
31
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Long term roadmap for further e-Government development
Establish IPRS as the
central NDWMove Adoptions & Marriages
registry
Collect data into central repositories with
synchronization or update policiesEstablish electronic verification methods that
link into the NDW
Establish securityguidelines
Establish security solutions
Establish a risk managementprogram
Establish auditing practices
Establish training procedures on securitypractices
Build partnerships with private organisationsin providing government services
Establish a CoE for datastewardship
Digitize information
Establish ACP fordifferent data
categories
Define cross-cutting
penalties
Establish an independent partywith authority to apply and enforce
the defined penalties
Revise ministry-specific Acts Establish an e-GovernmentAdvisory Group
Make old Acts obsolete
Implement new regulation across ministries
Legal and regulatory framework for e-Government services in Kenya
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 32/43
32
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui
Agenda
• Project Overview and Approach
• Current state of Kenya e-Government
• Recommendations
– Global best practices and Key Principles in e-Government legalframeworks
– Sample legislation that highlights critical e-Government elements
– Implementation action plan
• Q&A
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 33/43
Thank You
Asante Sana
What is the point in having allthese different licenses?
eGovernment office has
insufficient authority and likelyneeds to be semi-autonomous
The eGovernmentDirectorate should step up
IT has really helped inenforcement. There is noway to cook it
eGovernment should createthe obligation for governmentdepartments to be under one
umbrella
We need a one-stop-shopfor citizens
Most fraud is because otherarms of government cannot
check. Everything is a
manual process.
This is the fifth day in a rowthat I am here waiting in thequeue. Every day costs me
300 Ksh for transport. I haveno more money for food.
There are 254 forms ofregistration in Kenya. We
managed to reduce to 185.
The reality of eGovernmentis not with us yet
Quotes by interviewees:
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 34/43
Developing an enabling legal and regulatory frameworkfor e-Government services in Kenya
APPENDIX SLIDES
Legal and regulatory framework for e-Government services in Kenya
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 35/43
35
g g y y
IBM CSC – Team Kenya 2 – Subteam Chui
IBM´s Corporate Service Corps
China
Egypt India
Nigeria
Ghana
Philippines
Romania
S. Africa
Tanzania
Turkey
Vietnam
MalaysiaBrazil
Indonesia
SriLanka
Morocco
Kenya
Russia
• Part of IBM’s Corporate SocialResponsibility Program
• Employee leadership development
program• Launched July, 2008• Global IBM initiative designed to
provide government, small business,educational institutions, and non-profit organizations in growth
markets with pro bono consultingwork to help improve local conditionsand foster job creation
• +1000 IBM employees deployedfrom 50 countries on 100 teams to18 countries since inception
Legal and regulatory framework for e-Government services in Kenya
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 36/43
36
IBM CSC – Team Kenya 2 – Subteam Chui
Nimeesh KaushalStaff SoftwareDeveloper
IBM Canada
Reporting and Query Stack Integration inBusiness Intelligence, Software Verification, Testmanagement and execution, Facts and data
gathering, Client problem resolution
Anna ChoiInformation AgendaArchitectIBM South Korea
Industrial / Distribution/ Retail industry,Information Agenda business architect,Build information solution architecturefor information quality, information governance,master data management, business analytics.
Luan NioSenior ConsultantIBM Switzerland
Pharmaceutical and Life Science industry,Consulting, Project management, Data gatheringand analysis, Workshop facilitation, Stakeholdermanagement
David SloanPractice ManagerIBM United States
Information Management tools, RealtimeBusiness Analytics Expertise: Data Integration,Government Industry Solutions
Introduction to the IBM team
Legal and regulatory framework for e-Government services in Kenya
IBM CSC T K S b Ch i
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 37/43
37
IBM CSC – Team Kenya 2 – Subteam Chui
Requirements and needs expressed by interviewees
New(Service / System / Legislation)
Enhance(Service / System / Legislation)
•Create the obligation to be under
one umbrella• It should be possible to look at datafor other purposes than for what itwas captured for
•Better enforcement of laws that arecutting across ministries anddepartments. These laws shouldsupersede the individual ministrylaws.
•A one-stop-shop for citizens•Online application•A multipurpose card•A National Identification / Verification
System•A National /Online Payment System•Technology training to registrationofficers
•Need eGovernment to step up anddefine the standards
• It should be possible to look at datafor other purposes than for what itwas
•Better ways to identify persons
•Less Forms, Less Acts
•Less late registrations for birth
• IPRS should contain all informationand should be better accessible
•More computers for the registrationofficers
•Data should be marketable and should be used to benefit each other, bu
t in a directed manner
Legal and regulatory framework for e-Government services in Kenya
IBM CSC T K 2 S bt Ch i
Current State
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 38/43
38
IBM CSC – Team Kenya 2 – Subteam Chui
• Limited Authority under KenyaCommunications Act 2009 Section83S(2) states “The Minister [MOIC]
may ... by regulations prescribe (a)the manner and format in which suchelectronic records shall be filed,created or used"
Focus Area 1 – Standard Keys
Conclusions
Current
Authority
Potential
Shared Keys
• National ID is commonly used acrossmany systems, but is limited toregistered Kenyan citizens over 18years of age
• Integrated Population RegistrationServices (IPRS) Integrated PersonalNumber (PIN) universal for all
registered Kenyans and registeredforeigners, but largely unknownoutside of IPRS
• Draft key standard for land providedby Ministry of Lands adheres tointernational GIS standards
Findings
• Authority for National Data
Warehouses exists under KCA, butdoes not assign the authority to the e-Government Directorate
• Lack of keys will inhibit interoperabilitywithout resource-intensive entitydisambiguation exercises
• No consistent shared keys existacross systems
• Candidate keys are flawed either
because they are not universal, notknown or are still in progress
Current State
Legal and regulatory framework for e-Government services in Kenya
IBM CSC Team Kenya 2 Subteam Chui Current State
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 39/43
39
IBM CSC – Team Kenya 2 – Subteam Chui
Focus Area 2 - National Data Warehouses
Current
Authority
• Kenya Communications Act of 2009Section 83G and 83H both state “suchdocuments, records or information are
(rendered/retained) in electronic formif (a) the information contained thereinremains accessible so as to be usablefor subsequent reference”
• Greater authority than currently underKCA will be required to either
assemble or compel participation in aNational Data Warehouse (NDW)
CitizenRegistry
• IPRS collects data from manysystems
• Only represents digital data collectedby Ministry of Immigration• Goals to share with the Kenya
Revenue Authority, Kenya NationalBureau of Statistics, InterimIndependent Electoral Commission ofKenya, National Social Security Fund
and security forces
• IPRS represents best current NDW• IPRS needs to collect from and sharewith all relevant entities to be a trueNDW
• Methods of exchange must bebroadened
CorporateRegistry
• State Law Office maintains acorporate registry
• All businesses must register with theState Law Office
• Data exchanges occur intermittently,
in bulk and with infrequent updates
• Corporate registry may be an idealNDW candidate
• Lack of universal and real-timecoordination with other repositoriesleaves room for fraud and
manipulation
Current State
ConclusionsFindings
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui Current State
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 40/43
40
IBM CSC – Team Kenya 2 – Subteam Chui
• Physical sources are distributedacross ministries and districts and areredundantly archived
• No legislation to enforce singlerepositories and sharing of data• IPRS can be used to verify national ID
and name, but is not used exclusively• No system catalog exists to identify
information type, location or points ofcontact to verify redundancy
Focus Area 3 - Preventing Redundant Systems
InformationRedundancy
and silos
Seamless
process,digitized
information
• Current lack of digitized information• Requests for information between
ministries are manual, often on paper• Procurements for new systems are
de-centralized, not under commoncontrol
• Information searching processes aremanual and ad hoc to the individualdoing the searching
• Finding correct information is time-consuming
• Ministries operate inefficiently with
duplicate information collected, oftenwith the same purpose• Resources are invested in multiple
projects to build same informationrepository
• To prevent ministries from initiatingredundant stores, legal enforcement
is required
• Information cannot be searchedexhaustively or verified definitivelydue to dispersion and paper format
• Lots of information unused because
awaiting digitization• Less opportunity to leverage core
information across ministry• Dependencies to individual officers
rather than a defined process
Current State
ConclusionsFindings
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui Current State
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 41/43
41
IBM CSC Team Kenya 2 Subteam Chui
Focus Area 4 - Public Ownership of Public Data
• Insufficient legislation in place thatstates who owns which data, whoshould act as data steward or how
public data should be shared• Each department creates own Actsand processes to collect the data theyrequire. Opacity of what acts are inplace and what processes should befollowed.
• No legal principles in place confirming
public ownership or governmentstewardship of public data
Shifting fromdata
ownership todata
stewardship
• Ownership is asserted in such a waythat it inhibits collaboration andinformation sharing
• Time-consuming efforts to identifystructures around data governance
• Generally, the ministry or departmentwho captures the data keeps the data
• The public has no transparency aboutwhere what data is stored or how toaccess it
Facilitatingre-use of
public sectorinformation
• Data is not being re-used in anoptimal way. Its utility is notmaximized.
ConclusionsFindings
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui Current State
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 42/43
42
y
Focus Area 5 - Definition of, access to and penalties for illegal
access to private versus public data
Definition of
private,public data
• No definition, distinction orclassification of PII (Personallyidentifying information, e.g. NationalID, name, birth date), Sensitive data(e.g. medical history), Public data (e.g.aggregate statistical data)
• Unclear categories yield coarse-grained data controls which can allowillegal access to the data
• Increased difficulty and inconsistentstandards when applying legal policyfor different classification levels ofdata
Access
Control todata
• In electronic systems, access controlsare role-based (boundary) by user,but manual systems have onlyphysical access controls
• Lack of consistent business conductguidelines
• Access education is only given at hire• Lack of any defined protocol for
citizen access to personal data
• Departments are reluctant to sharedata without legal protection for thirdparty misuse of data
• Special provisions should be made forcases affecting national security
• Citizens unaware of rights to accesstheir own data, and have no processby which to exercise those rights
Penalties forillegal
access to
data
• Existing relevant legislation, such asKCA 2009 83U and 83V, is not widelyobserved by agencies
• Identified violations are handled in anad hoc fashion, with varying penalties
• Unenforced penalties increase therisk of illegal access
• Poor application makes corruption inparallel processes more likely
• Inconsistent policies reduce the
deterrent effect of penalties
ConclusionsFindings
Legal and regulatory framework for e-Government services in Kenya
IBM CSC – Team Kenya 2 – Subteam Chui Current State
8/6/2019 Kenya 2 Subteam 2 CHUI Development of a Legal and Regulatory Framework for e-Government in Kenya
http://slidepdf.com/reader/full/kenya-2-subteam-2-chui-development-of-a-legal-and-regulatory-framework-for 43/43
43
y
Focus Area 6 - Security of Public Data
Authority torequire
adherence toa common
data security
standard
Auditing
• There is no such uniform mechanismin Kenya to protect public data
• No legislation on protection of data• Scope of KCA 83R(d) is too
restrictive as it only points toregulation of e-Signatures
• Each agency has its respective ITdepartment implementing their ownstandards for securing public data
• Data sharing happens manually and
ad hoc through the exchange of CD-roms, paper copies etc
• No universal formal training procedurein place for staff on security practices
• No auditing practice exists currently• Ad-hoc auditing takes place within the
supervision chain of system owners
• Different standards for securing publicdata with varied security levels riskscompromised security at all times
• Manual sharing of public data throughunofficial processes could lead torelease of private data, violating theKenyan Constitution
• In absence of universal auditing,
processes cannot adhere to properstandards and security violationsmight go unnoticed
• No checks in place could promotemis-use or mis-appropriation of highlysensitive data
ConclusionsFindings