Professional Documents
Culture Documents
The Concept of C I A and Data Protection
The Concept of C I A and Data Protection
©2013
HEL Location:
Iringa-Tanzania
Date: 09/21/13
08:14:18
1
LL.B Degree Holder at the University of Iringa (Formerly known as Tumaini University Iringa University College)
2009-2012, currently a Masters Candidate in Information, Communication and Technology Law at Iringa
University2012-2013, Author and a trainee in lecturing at Iringa University.
i
The C.I.A. Conceptual and Data Protection in Tanzania
1.1 Introduction
When you pronounce the name CIA most of the people will definitely referred it to e Central
Intelligence Agency that will be their first priority because of its prominent use. But the name
CIA can mean anything because it is just an abbreviation like any other abbreviation. For
example I can say BBC stands for Black Breweries Corporation, and nobody can refute that
In our daily life, economic activities, and national security highly depend on stability, safely, and
resilient cyberspace. A network brings communications and transports, power to our homes, run
However it is through the same cyber networks which intrude and attack our privacy, economy,
social life in a way which is harmful. Some scholars have interestingly argued that, “in the
Internet nobody knows you are a dog”.3 This raises some legal issues and concerns.4
This paper presents important issues of Confidentiality, Integrity and Availability of Data
Protection in Tanzania. The paper try to familiarize the reader with a careful understanding of the
three concepts and data, data protection, briefly origin of cyber security, data protection
2
United Nations 199, see also social learning theory and moral disengagement analysis of criminal computer
behaviour: an exploratory study by Marcus, K. R. 2001.
3
Christopher Reed (2000). Internet Law; Text and Materials, at Pp.119.
4
Adam J. Mambi (2010). ICT LAW BOOK, a Source Book for Information and Communication Technologies and
Cyber Law in Tanzania and East Africa Community.Pp. 96.
2
principles and the situation of the concepts in Tanzanian laws, and lastly the paper show how
A good example of an international instrument which tried to categorize the above concepts as
types of cyber crime is the Council of Europe Convention on Cyber Crime,5 European Treaty
Series. 6The Convention on Cyber Crime distinguishes between four different types of
offences7one among being an offences against the confidentiality, integrity and availability of
computer data and systems, such as illegal access, illegal interception, data interference, system
interference, and misuse of devoice8. However, this does not give the clear picture of what the
1.2.1 Confidentiality.
5
No. 185, Budapest, and 23.XI. 2001.
6
Sofaer, Toward an International Convention on Cyber in Seymour/Goodman, The Transnational Dimension of
Cyber Crime and Terror, page 225, available at: http://media.hoover.org/document/0817999825_221.pdf-Extracted
on 31st February 2013.
7
The same typology is used by the ITU Global Cyber Security Agenda/High-Level Experts Group, Global Strategic
Report, 2008, at http://www.itu.int/osg/csd/cybersecurity/gca/global_strategic_report/index.html-Retrieved on 4th
march 2013.
8
See Article 2,3,4,5 and 6 of the Council of Europe Convention on Cyber Crime, European Treaty Series - No. 185,
Budapest, and 23.XI. 2001.
9
Herman T. Tavani (2007). Ethics and Technology, Ethical Issues in an Age of Information and Communication
Technology, 2nd Edition, John Wiley & Sons, Inc, , United States of America. Pp.169.
3
Confidentiality10 means a communication made within a certain protected relationship such as
Husband and Wife, Attorney and Client, Priest and Penitent and legally protected from being
forced to disclose.11
I believe when something is confidential means that thing is kept within a certain boundaries that
limits any other persons other than those with such a thing are keen to know. In privacy there are
The first is confidential which the right to be left alone is but in some circumstances such
confidentiality is disclosed for example for the purpose of criminal records or aiding the court of
law to find the right verdict. Most of confidential matters relate to personal information like
medical reports.
The second is secrecy which is also the right to be left alone in which every society have its own
secrecies that no any other society is allowed to know. It has to be understood that it is not secret
society like many of us think, for example most of us we do believe that ‘Freemason’ is a secret
society, but it is a society with secrets in which any of the organizations or institutions have their
own secrecies. Secrecies can be released when it comes to the matter of public interest.
And lastly is Top secrets, these cannot be released at any cost. Most of this information is
government information which is kept secrecy for the public interest in which the released of it
may cause breach of peace in a certain nation. This information is regarded as sensitive and that
10
Confidentiality refers to limiting information access and disclosure to authorized users "the right people" and
preventing access by or disclosure to unauthorized ones "the wrong people."
11
Bryan A.G (1999), Black’s Law Dictionary, 8th Edition, West Group Publishing Company. Pp. 273.
4
may raise a sense of inhuman when disclosed, therefore it is for the best of the public interest not
to release them.
For example, what if an ordinary person discovered that a government conducts a biochemical
military research by using human being bodies who are still alive or using a certain medicine or
vaccine to human being in a certain area which have long term effects to human being. This is
why they call them top secrets even though keeping them as secrecies may later on affect
Therefore, the big difference between these three levels of privacy is the accessibility of the
information, that some can be accessible for public use and some cannot be accessible for public
interest.
1.2.2 Integrity.
Integrity means the act of being consistent. This term means to be honest and of a good moral
character.12 Being of good character and honest automatically implies the act of being consistent.
When a computer file is not changed or deleted and is stored the same way since starting.13
As I understand, being consistent means being accurate with what a person is doing. Then the
term integrity means the act of being accurate of whatever a person conducts. When one is
accurate is honest, and when honest means for whatever that person is doing must be in good
12
That data have not been changed inappropriately, whether by accident or deliberately malign activity. It also
includes "origin" or "source integrity" that is, that the data actually came from the person or entity you think it did,
rather than an imposter.
13
Black's Law Dictionary Free Online Legal Dictionary 2nd Ed available at
Law Dictionary: What is FILE INTEGRITY? Definition of FILE INTEGRITY (Black's Law Dictionary)
http://thelawdictionary.org/file-integrity/#ixzz2asjJJgsl- extracted on 12nd August 2013.
5
faith. If there is presence of good faith, then such activity is protected. In data protection accurate
means the information taken must be accurate with the purpose of taking it.
1.2.3 Availability.
Availability means the presence of something. Relating to data protection means the presence of
data protection in other way security. It may also mean an information system that is not
available when you need it is almost as bad as none at all. It may be much worse, depending on
how reliant the organization has become on a functioning computer and communications
infrastructure.14
To my understanding, data protection is the careful observation and examination of the above
three concepts.15 These are sometimes referred as CIA Triad which provides protection for data
In the old days people used to hide their faces, draw their guns and rob the local bank or stage-
coach. Currently the ways which crimes are conducted become more technological creative. For
instance, we have gone from in-person robberies to nameless and faceless crimes involving
14
http://it.med.miami.edu/x904.xml-retrieved on 13rd June 2013.
15
Confidentiality, Integrity and availability.
16
This refers to data that is moving within the network. Sensitive data, for example, that is sent through network
layers or through the Internet. A hacker can gain access to this sensitive data by eavesdropping. When this happens,
the confidentiality of the data is compromised. Encrypting data-in-transit avoids such compromises.
17
It is possible for a hacker to hack the data that is stored in the database. Encrypting data-at-rest prevents such data
leakages. See Lamar Stonecypher, Concepts of Database Security at http://www.brighthub.com/computing/smb-
security/articles/61402.aspx.
6
computers. A crime such as spamming, passing on computer viruses, harassment, cyber stalking,
While these issues do not carry potential monetary loss, they are just as harmful in the possibility
of losing files, information and access to your computer. This is why Cyber Security is needed.19
Cyber security means protecting information, equipment, devices, computer, computer resources,
communication device and information stored therein from unauthorized access, use, disclosure
Before processing any data there some principles to be observed. Even children who are old
enough to understand what is being asked of them should be given the opportunity to give their
Data protection is the use of techniques such as file locking and record locking, database
shadowing, and disk mirroring, to ensure the availability, confidentiality and integrity of the
data.22
18
http://dealnews.com/pages/articles/guide-computer-crime-prevention-retrieved on 23rd June 2013.
19
Ibid.
20
Section 2 (1) nb of the India Information Technology Act of 2000.
21
See Gillick v. West Norfolk and Wisbech Health Authority HOUSE OF LORDS [1986] 1 AC 112, [1985] 3 All
ER 402, [1985] 3 WLR 830, [1986] 1. This established that in general terms, once a child becomes 12 years of age
that he or she is likely to be able to understand the implications of what is being asked. This is commonly referred to
as the "Gillick Principle".
22
Read more: http://www.businessdictionary.com/definition/data-protection.html#ixzz2fPvqw77I-retrieved on 20th
September 2013.
7
Data in computing means information that has been translated into a structure that is more
suitable to shift or progress. Relative to today's computers and communication media, data is
Generally and in science, data is a gathered body of facts. Some authorities and publishers,
cognizant of the word's Latin origin and as the plural form of "datum," use plural verb forms
with "data". Others take the view that since "datum" is rarely used, it is more natural to treat
To my opinion one cannot define data unless they are protected. Because it is from its protection
where it emerge. In the light to the human being, this means one cannot called a person as human
being unless is protected as human being and not like any other creature.
That is to say data (in a singular and plural form) is the collections of various protected
organisms in a way that is more convenience and well understood by any person through which
Data protection has general principles. These General Principles ought to define expectations and
2. Purpose provides restriction ensuring that personal data is only processed for the
purposes for which it was collected, barring further consent from the data subject. A
23
http://searchdatamanagement.techtarget.com/definition/data, Margaret Rouse (2005)-retrieved on 21st June 2013.
24
Ibid.
25
Neil Robinson et al (2009), Review of the European Data Protection Directive, RAND Corporation. Pp.50.
8
person require to be clear in relation to the purposes for which personal data are held in
order to ensure that the data are processed in a way that is companionable with the
original purpose. For example a doctor discloses his patient list to his uncle’s who owned
a tourist company, which offers special holiday deals to patients needing healing.
Disclosing the information for this purpose would be irreconcilable with the purposes for
appropriate technical and organizational measures. It means the suitable security to avoid
propose and categorize the protection to a healthy environment of the personal data held,
and the destruction that may effect from a security contravene. It is worthwhile to be
4. Adequate, relevant and not excessive. Data taken must not exceed the purpose of the
transferring. To take reasonable steps to ensure the accuracy of any personal data obtain;
to ensure that the source of any personal data is clear; carefully consider any challenges
This includes information derived from rumours circulating on the internet that the
individual was once arrested on suspicion of dangerous driving. If the journalist records
that the individual was arrested, without qualifying this, he or she is asserting this as an
9
accurate fact. However, if it is clear that the journalist is recording rumours, the record is
accurate – the journalist is not asserting that the individual was arrested for this offence.26
6. Data subject participation ensuring that the data subjects can exercise their rights
effectively (the right to retain information) such as review the length of time personal
data are kept; consider the purpose of holding the information for in deciding whether
(and for how long) to retain it; securely delete information that is no longer needed for
this purpose; and update, archive or securely delete information if it goes out of date.
For examples, images from a CCTV system installed to prevent fraud at an ATM
machine may need to be retained for several weeks, since a suspicious transaction may
not come to light until the victim gets their bank statement. In contrast, images from a
CCTV system in a pub may only need to be retained for a short period because incidents
will come to light very quickly. However, if a crime is reported to the police, the images
will need to be retained until the police have time to collect them.27
7. Accountability. That those processing personal data would be held accountable for their
8. And Authorization of data transfer28 and protection. That with the consent of the owner,
or recognized legal authority if necessary. This shift of information is not the similar as
26
Information Commissioner’s Office, The Guide to Data Protection, accessed on
www.ico.org.uk/.../Data_Protection/.../THE_GUIDE_TO_DATA_PROTECTION...-retrieved on 14th Sept 2013.
27
Information Commissioner’s Office, The Guide to Data Protection, accessed on
www.ico.org.uk/.../Data_Protection/.../THE_GUIDE_TO_DATA_PROTECTION...-retrieved on 14th Sept 2013.
28
A transfer involves sending personal data to someone in another country. For example a tour agent sends
customer’s information to Serengeti National Park in Tanzania where they will be making their tour during on
holiday.
10
the transfer of information though a country. This principle is barely being relevant
conditionally to the information moves to a country, rather than merely transient through
Legislations.
comprehensive Data protection law exposes subjects to threats of enjoyment of the right of
privacy. It also poses a great threat on misuse of information and data protection.29
However we have Electronic and Postal Communication Act which was passed by the Tanzanian
Parliament on January 29th 2010 and came into force on May 7, 2010.30
It repealed and replaced the Broadcasting Services Act31 and the Tanzania Communications Act
and amended32 the Tanzania Communications Regulatory Authority Act33 together with the Fair
Competition Act.34
The Act does provide the duty of confidentiality by the employee or any member of employee to
keep the confidentiality of the licensee information and should not disclose the information to the
29
Baraka Kanyabuhinya, Information Privacy Law in Tanzania, Support for Harmonization of the ICT Policies
in Sub-Sahara Africa, available at www.itu.int/.../Tanzania%20presentations/Data%20Protection%20Law%...
30
See Government Gazette, No.19 of May 7, 2010.
31
Cap. 306 R.E 2002.
32
See Electronic and Postal Communications Act 2010 ss.169-185.
33
Cap. 172 R.E 2002.
34
Cap. 285 R.E 2002.
11
public or to any other person unless where there an order of the court to do so for security
It further stated that, “no person shall disclose the content of information of any customer
received in accordance with the provisions of this Act, except where such person is authorised by
Also, a person shall not disclose any information received or obtained in exercising his powers or
performing his duties in terms of this Act except it is provided by the law.37
discloses, or attempts to disclose, use or attempt to use for any other person the contents of any
communications, knowingly or having reason to believe that the information was obtained
interception means preserving someone’s information not to be known to another, especially the
confidential one.
Unauthorized access or use of computer system. The computer system can be in any electronic
device that is capable of operating it and not necessary being a computer itself. The Act provides
that any person who secures unauthorized access to a computer or intentionally causes or
knowingly causes loss or damage to the public or any person, destroy or delete or alter any
information in the computer resources or diminish its value or utility or affect it injuriously by
any means, commits an offence and on conviction shall be liable to a fine not less than five
hundred thousand Tanzanian shillings or to imprisonment for a term of not exceeding three
35
Sections 98.
36
Sections 98 (2).
37
Section 99.
38
Section 120.
12
months or to both. By securing good use of computer system39 brings one step ahead in
Apart from the Act itself, there are some Regulations which in one way or another in supporting
Emergency Response Team) 41 provider's obligations to the service provider in relation to cyber
security,42 for a secure environment for the connectivity of their subscriber base by maintaining
updated systems that have a protection mechanism against information security threats. By
securing information security threats means the subscriber information is protected, thus
confidentiality exists.
Protection)43 provides that, a licensee may collect and maintain information on individual
consumers where it is reasonably required for its business purposes. But such information must
processed in accordance with the consumer’s other rights, protected against improper or
accidental disclosure and not transferred to any other party without authorization. Therefore,
39
Securing one’s data from being unlawfully access creates the protection of one’s confidential information from
being disclose.
40
Section 124 (3) of the Act.
41
Electronic and Postal Communications Act (CAP.306), Electronic and Postal Communications (Computer
Emergency Response Team) GOVERNMENT NOTICE NO. 419 published on 9/12/2011.
42
As per Regulation 3, means protecting information or any form of digital asset stored in computer, computer
devices, communication devices or digital memory device from unauthorized access, use, disclosure, disruption,
modification or destruction.
43
Electronic and Postal Communications Act (CAP.306), Electronic and Postal Communications (Consumer
Protection) GOVERNMENT NOTICE NO 427 published on 9/12/2011.
13
Regulations 26 -(1)44 of the Electronic and Postal Communications Act (Cap.306) Electronic
and Postal Communication (Licensing) a licensee shall use all reasonable measures to ensure
nondisclosure of confidential information obtained in the course of its business from any person
to whom it provides the licensed services. A licensee shall establish and implement reasonable
procedures for maintaining confidentiality of such information subject to any requirement under
the law.
Regulation 23 (a)45 of the Electronic and Postal Communications Act (Cap.306) Electronic and
Postal Communication (Postal). Each postal licensee shall ensure that all steps are taken to
improve mail security and combat postal crimes which include mail violation and secretion. This
puts obligation to the licensee regarding to the maintenance and protection of confidentiality of
Regulation 6 (1)46 of the Electronic and Postal Communications Act (Cap.306) Electronic and
Postal Communication (Radio communications and Frequency Spectrum), provides that a person
shall not intercept or acquaint himself with the contents of any radio communications other than
those transmitted for general information or for the information of licensees belonging to the
These are some of the Regulations which try to explain the concept of confidentiality and
44
Electronic and Postal Communications Act (C Ap.306) Electronic and Postal Communication (Licensing)
GOVERNMENT NOTICE NO 430 published on 9/12/2011.
45
Electronic and Postal Communications Act (Cap.306) Electronic and Postal Communication (Postal)
GOVERNMENT NOTICE NO. 424 published on 9/12/2011.
46
Electronic and Postal Communications Act (Cap.306) Electronic and Postal Communication (Radio
communications and Frequency Spectrum) GOVERNMENT NOTICE NO. 424 published on 9/12/2011.
14
1.5.2 Data protection in the United Kingdom.
Compared to the United Kingdom, they have enacted specific law which deals with data
protection. Data Protection Act Cap. 29 of 1998. The Act among other things provides for data
protection principles which as I said before they give a framework for data protection.47
The Data Protection Act 1998 establishes a framework of rights and duties which are designed to
safeguard personal data. This framework balances the legitimate needs of organizations to collect
and use personal data for business and other purposes against the right of individuals to respect
However, the Act applies to a particular activity processing personal data rather than to particular
people or organisations. So, if you “process personal data”, then you must comply with the Act
and, in particular, you must handle the personal data in accordance with the data protection
principles.49
Broadly, however, if you collect or hold information about an identifiable living individual, or if
you use, disclose, retain or destroy that information, you are likely to be processing personal
data. The scope of the Data Protection Act is therefore very wide as it applies to just about
Data as;
47
See section 4 and references in this Act to the data protection principles are to the principles set out in
Part I of Schedule 1.
48
Information commission office (ICO), A Guide to Data Protection.
49
Ibid.
15
b) Recorded with the intention that it should be processed by means of such equipment, or
c) Recorded as part of a relevant filing system or with the intention that it should form part
d) does not fall within paragraph (a), (b) or (c) but forms part of an accessible record as
e) Recorded information held by a public authority and does not fall within any of
Paragraphs (a) and (b) entails that information kept on computer, or is projected to be held on
computer, is data. Therefore this implies that data is not only the information recorded on paper
Among other things the Act further explained the concept of data controller,51 data subject,52 data
50
Section 1 (1) of Data Protection Act Cap.29 of 1998.
51
Means, subject to subsection (4), a person who (either alone or jointly or in common with other persons)
determines the purposes for which and the manner in which any personal data are, or are to be, processed.
52
Means an individual who is the subject of personal data. The Act does not count as a data subject an individual
who has died or who cannot be identified or distinguished from others.
53
In relation to personal data, means any person (other than an employee of the data controller) who processes the
data on behalf of the data controller.
54
Means data which relate to a living individual who can be identified— (a) from those data, or (b) from those data
and other information which is in the possession of, or is likely to come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the intentions of the data
controller or any other person in respect of the individual.
55
The Charter of Fundamental Rights of the European Union available at Brown, I. (2010). The challenges to
European data protection laws and principles. EC DG Justice, Freedom and Security
http://ec.europa.eu/justice/policies/privacy/docs/studies/new_privacy_challenges/final_report_en.pdf-retrieved 14th
Sept 2013.
16
Sometimes data are jointly owned, that means more than one person. For instance, a government
department sets up a database of information about every child in the country. It does this in
partnership with local councils. Each council provides personal data about children in its area,
and is responsible for the accuracy of the data it provides. It may also access personal data
provided by other councils (and must comply with the data protection principles when using that
data). The government department and the councils are data controllers in common in relation to
Sensitive Data.
It includes;
(d) Whether he is a member of a trade union (within the meaning of the Trade Union and Labour
(h) Any proceedings for any offence committed or alleged to have been committed by him, the
Sensitive data are important to be observed in the society. If used badly they can harmful
person’s reputations and even affecting someone’s economic position. Their categories are much
wider than personal data then they needs to be treated with greater care than other personal data.
In particular, if you are processing sensitive personal data you must satisfy one or more of the
17
conditions for processing which apply specifically to such data, as well as one of the general
The categories of sensitive personal data are broadly drawn so that, for example, information that
someone has a broken leg is classed as sensitive personal data, even though such information is
relatively matter of fact and obvious to anyone seeing the individual concerned with their leg in
plaster and using crutches. Clearly, details about an individual’s mental health, for example, are
generally much more “sensitive” than whether they have a broken leg.56
Processing as,57
In relation to information or data, means obtaining, recording or holding the information or data
or carrying out any operation or set of operations on the information or data, including –
available, or
The classification of processing is very extensive and it is not easy to consider of anything an
However, data can be processed only for purposes for which they are required by or under any
enactment to be processed, the person on whom the obligation to process the data is imposed by
or under that enactment is for the purposes of this Act the data controller.
56
Information Commissioner’s Office, The Guide to Data Protection, accessed on
www.ico.org.uk/.../Data_Protection/.../THE_GUIDE_TO_DATA_PROTECTION...-retrieved on 14th Sept 2013.
57
Section 1 (1) of Data Protection Act Cap.29 of 1998.
18
For instance a government section that is answerable for paying reimbursement to person’s
contracts with a private company to oversee the benefits. The question is whether the
government department remains the data organizer for dispensation personal data on benefits,
despite of the scope given to the company in deciding how to do this at a practical level. The
government department retains overall responsibility for administering the provision of the
An individual is entitled at any time by notice in writing to a data controller to require the data
controller at the end of such period as is reasonable in the circumstances to cease, or not to begin,
processing for the purposes of direct marketing personal data in respect of which he is the data
subject.59
Personal data should not be processed if it is insufficient for its intended purpose. For example, a
CCTV system is installed to identify individuals entering and leaving a building. However, the
quality of the CCTV images is so poor that identification is difficult. This undermines the
Therefore control over the data shall apply throughout the period when a controller processing
personal data as do the rights of individuals in respect of that personal data until the time when
the data has been deleted, returned, or destroyed. Thus duties extend to the way controller
dispose of personal data when no longer need to keep it. The data must be disposing in a way
58
Information Commissioner’s Office, The Guide to Data Protection, accessed on
www.ico.org.uk/.../Data_Protection/.../THE_GUIDE_TO_DATA_PROTECTION...-retrieved on 14th Sept 2013.
59
See Section 11 of Data Protection Act Cap.29 of 1998.
60
Information Commissioner’s Office. Pp.33.
19
1.5.2. Exemptions on Data Protection.
The Data Protection Act contains a number of other exemptions from the rights and duties in the
Act. You must process personal data in accordance with the Act unless one of these exemptions
applies.
The exemptions either allow for the disclosure of information where there would otherwise be a
breach of the Act or allow information to be withheld that would otherwise need to be disclosed.
They are designed to accommodate special circumstances, for example when processing personal
data:
We cannot dispute the fact that, the United Kingdom Act provides a better basis for data
protection than ours. These are just few basics of data protection in the United Kingdom
Legislation which automatically entails the confidentiality, integrity and Availability of the data.
1.6 Conclusion.
Currently, a draft of three laws relating to Information, Communication and Technology have
been sent to the office of Attorney General. These Draft Laws are , The Electronic Transactions
and Communications Bill,61 the Computer Crime and Cybercrime Bill,62 and Data Protection and
Privacy Bill,63 which among other things provides for data protection as per Section 6 (2)64 data
61
Of 2013.
62
Ibid.
63
Ibid.
64
Data Protection and Privacy Bill, 2013.
20
controller65 shall not collect personal information by unlawful means; or by means that, in the
circumstances are unauthorized; or intrude to an unreasonable extent upon the privacy of the data
subject concerned, and Section 10 provides for the limits of the data controller on disclosure of
personal information,66 therefore in the coming years some of these legal issues can be solved as
the Act may give effect to principles of data protection; place limitations on the processing of
personal data; provide for the rights of the data subject; describe the responsibilities of the Data
Controller; establishment of the Data Protection Authority; and combat violations of privacy
likely to arise from the collection, processing, transmission, storage and use of personal data
activities.
Also we cannot rely on the Bills by waiting them to be passed by the parliament, because what if it
will take 5 to10 years after? We normally know that we have an option when our laws are silent and
that is lacuna in which section 9 of the Judicature and Application of Law Act, Cap.358, then that
can be used while still waiting for the Bills to be passed. However, the question remain to ourselves
that how can an offence being subjected as an offence by the Act which does not claimed it to be an
offence?
65
By means of data controller, TCRA automatically is included within it, hence any action against confidentiality of
customers information will prevail as long as it is illegal.
66
Data Protection and Privacy Bill, 2013.
21
BIBLIOGRAPHY
Textbooks
Adam J. Mambi (2010), ICT LAW BOOK, a Source Book for Information and Communication
Technologies and Cyber Law in Tanzania and East Africa Community: Mkuki na Nyota Printers;
Dar Es Salaam
Bryan A.G (1999), Black’s Law Dictionary, 8th Edition, West Group Publishing Company
Neil Robinson et al (2009), Review of the European Data Protection Directive, RAND
Corporation,
Baraka Kanyabuhinya, Information Privacy Law in Tanzania, Support for Harmonization of the
www.itu.int/.../Tanzania%20presentations/Data%20Protection%20Law%...
The same typology is used by the ITU Global Cyber Security Agenda/High-Level Experts
At http://www.itu.int/osg/csd/cybersecurity/gca/global_strategic_report/index.html
United Nations 199, see also social learning theory and moral disengagement analysis of
22
Internet Sources
http://dealnews.com/pages/articles/guide-computer-crime-prevention
http://it.med.miami.edu/x904.xml
http://thelawdictionary.org/file-integrity/#ixzz2asjJJgsl
http://www.brighthub.com/computing/smb-security/articles/61402.aspx
Legal Documents
Statutes
Case laws
Gillick v. West Norfolk and Wisbech Health Authority HOUSE OF LORDS [1986] 1 AC 112,
23
International Instruments
The Council of Europe Convention on Cyber Crime, European Treaty Series - No. 185, Budapest,
Regulations
Electronic and Postal Communications Act (CAP.306), Electronic and Postal Communications
9/12/2011
Electronic and Postal Communications Act (CAP.306), Electronic and Postal Communications
Electronic and Postal Communications Act (C Ap.306) Electronic and Postal Communication
Electronic and Postal Communications Act (Cap.306) Electronic and Postal Communication
Electronic and Postal Communications Act (Cap.306) Electronic and Postal Communication
published on 9/12/2011
Bills
24
Author’s Particulars
Occupation: Student (LL.B Degree Holder (2012) and LL. M-ICT LAW Candidate (2013)
25