Given the importance of cyber security and data protection in our modern world, Zambia needs to build on recent positive changes and address implementation gaps to grow foreign investment, says Layeni Phiri, Managing Partner of August Hill & Associates.
“Cyber security is as important as tax incentives and foreign investment incentives, because it protects not only the multinationals coming in but also every other person dealing with them,” Layeni said. “Southern Africa has made tremendous progress in providing legislation that encourages foreign investors, but when it comes to cyber security there seems to be a gap between what the law says and what happens in practice.”
For African nations such as Zambia, the issue can be twofold, Layeni noted. He emphasised that foreign investors in a variety of industries can come from countries that are “way more developed in the cyber security and data protection space”, so they’re looking for certain standards both in terms of the legislative and regulatory frameworks, and how such laws are implemented.
A lack of laws, or a lack of implementation, can cause multinationals to rethink investing.
Positive progress has been made, though, Layeni noted, pointing to Zambia’s introduction of the Cyber Security and Cyber Crimes Act in 2021, which built on previous electronic transactions and ICT legislation. The new Act bolstered the powers of Zambia Information and Communications Technology Authority (ZICTA), introduced specific cyber crimes (eg hacking, cyberstalking, identity theft) and child protection, and established a Computer Incident Response Team to collaborate with industry, government and individuals and respond promptly to any cyber attacks or threats.
“What these reforms have done is introduce specific people and institutions who are knowledgeable in the field and can speak to cyber security,” Layeni said. “Computers keep evolving every day, so it’s important to have experts. This complements prior electronic transactions legislation but now provides specific crimes and protection for cyber security.”
Layeni says further reforms are still needed, though, in both law and business practice.
He’d like to see greater government consultation with industry in areas such as scams and data protection, and more willingness to quickly reform the regulatory landscape to reflect fast-paced changes in the digital space. “Obviously acts should be drafted to stand the test of time, but it’s important to keep moving with the times because what’s trending today may not be tomorrow, and there will be something else. Regulation needs to be crafted in such a way that we can leave it open for change and that it really speaks to what’s actually happening.”
Lawyers play a key role, says Layeni, in developing the law, cooperating with regulators, and advising clients on tech issues – no matter what the initial enquiry. “A client can come in looking for one thing, such as incorporating a company, and hasn’t raised any questions about cyber security,” he said, noting too many businesses overlook requirements for data protection officers or internal digital policies. “It’s upon us as lawyers to ensure such segments are also included in our work so we provide end-to-end protection and service to our clients.”
To join Africa Legal's mailing list please click here