Was Huduma Namba Project given the green light?


By JOHN WALUBENGO
More by this Author

Following some petitions launched by human rights groups last year, the government was restricted from rolling out the National Integrated Information Management System (NIIMS) project – popularly known as the Huduma Namba.

The restriction was put in force, pending the hearing and determination of the case whose ruling was made last week.

Each of the interested party has made its own claim to having ‘won’ the case.

The government put out a notice saying that following the ruling, it would now proceed to process and issue Huduma cards as previously planned while the petitioners put out another notice claiming the Huduma Namba implementation had been stopped – pending some legislative and regulatory frameworks.

We sought to find out who is fooling who by reviewing the orders issued by the High Court.

The most relevant clause was Order No. 3 which stated as follows:

The Respondents are at liberty to proceed with the implementation of the National Integrated Information Management System (NIIMS) and to process and utilise the data collected in NIIMS, only on condition that an appropriate and comprehensive regulatory framework on the implementation of NIMS, that is compliant with the applicable constitutional requirements identified in this judgment, is first enacted.

So as the saying goes – one can get as many legal opinions over the same matter as there are the number of lawyers in the room.

So the government lawyers must have interpreted the order to mean they proceed with implementation since they already have a comprehensive regulatory framework as contained in the recently enacted Data Protection Act.

The petitioner’s lawyers must have interpreted the order to mean that Huduma Namba implementation has been halted – since the recently enacted Data Protection Act is not comprehensive enough.

As the lawyers split hairs and possibly return to court for further judicial interpretation, the government is determined to proceed with the Huduma Namba implementation.

First and foremost, the Data Protection Act gives you some powers or rights that you did not initially have when Huduma Namba was first rolled out.

We review a few of them below.

The right to transparency.

You can now demand that Huduma officials disclose to you what data they have collected on you, its rationale, how they intend to use it, as well as the identity of any third parties they intend share your data with.

In practical terms, they must provide you a portal that allows you log in and review your data, request for corrections and possibly block access to any third party access you did not consent to.

In more advanced economies, the portal would keep a log and report to you who accessed which part of your data, when and why.

The right to data security

The Huduma Namba officials must provide assurance that your data is secure and be able to alert you in cases where there are data breaches.

Since Wanjiku is not necessarily technical to appreciate intricate details of data security, all she needs is for Huduma Namba officials to publish the fact that their information systems have been audited by certified information system auditors and also that they are ISO 27001 compliant.

Furthermore, the IS Audits and ISO compliance status should not be a one-off affair but should be regular and frequent exercise to address the emerging and ever changing digital threats.

The right to transparency and data security is not a favour from government. It is a citizen right prescribed in the Data Protection Act of 2019.

Perhaps the petitioners should make these demands next time they go to court rather than being obsessed with stopping the Huduma Namba implementation.


Credit: Source link