By Oyetola Muyiwa Atoyebi, SAN
INTRODUCTION
Organizations and individuals may now connect and do business electronically due to the advancement of Information and Communications Technologies (ICT). This raises a range of legal and regulatory issues for policymakers, from concerns about cybercrime and the ability to safeguard intellectual property rights online to the legitimacy of electronic means of contracting and the security risks they entail. It is no longer news that with the advent of the internet, the world has become a global village, and it has been observed that many organizations now additionally operate as digital businesses.
Similarly, the way businesses conduct their operations and other transactional activities has unquestionably changed as a result of the internet, which has also brought forth new legal implications and ramifications for potential breaches of contract or data privacy. It is unquestionably true that any evolution carries certain hazards, and ICT is no exception.
This article looks into the regulatory framework for the use of ICT in Nigeria, some of the risks of conducting commercial transactions via the internet, and how the resulting liabilities can be reduced.
Information and Communication Technology
The term “Information and Communication Technology” (ICT) refers to a broad range of technological resources and instruments used to create, transfer, store, share, and exchange information. ICT has become an umbrella term in many parts of the world and it includes the internet, computers, wireless network, software, social networking, as well as other media applications and services enabling users to access, retrieve, store, transmit and manipulate information in a digital form.
Legal Risk in the use of Information and Communication Technology
Information and Communication Technology has transformed the way organizations carry out their internal activities as well as transactional engagements. It has also ushered in various legal implications and risks such as:
- Hackers
An expert who uses his technical knowledge to obtain illegal access to data inside a computerized system is known as a computer hacker. Hackers can operate alone or in groups, and they typically try to enter a computer system in order to engage in illegal or criminal conduct. Here are some examples of the illegal conduct hackers commit:
- Stealing of information, either confidential or otherwise (i.e. online espionage).
- Stealing of funds/Online fraud.
- Identity theft.
- Breach of Privacy and Data
A data breach can have consequences for the users of an establishment that operates through an ICT facility, and it can disrupt the establishment's daily operations while the organization works to recover from the effects of the breach and implement any necessary system updates to stop similar incidents from happening in the future. Customers whose private information has been exposed may discontinue doing business with the company, switch to a rival, and/or file a lawsuit against the company as a result of a data breach. Also, potential customers may become discouraged for fear of their private information getting into the wrong hands.
- Duplicity of Transactions
A duplicate transaction is a circumstance in which a specific transaction is executed twice or more. This is typically caused by a network outage or a system fault. This risk is quite prevalent in online financial transactions, particularly with commercial banks, and it frequently results in protracted legal proceedings.
- System Downtime/Internet Glitches
When an online network is unavailable or inaccessible for a period of time, this is referred to as system downtime, and it is typically caused by an unstable and irregular network supply. The internet network cannot function when the system is down. System downtime can have a variety of causes, including software/hardware failure, power failure, incorrect configuration, outdated equipment, human error, etc.
REGULATORY FRAMEWORK FOR THE USE OF ICT IN NIGERIA
The function of the government is to govern, and often this entails passing legislation and establishing rules that aim to restrain particular types of activity. In Nigeria, laws have been put in place to regulate the use of ICT, especially transactions and interactions that occur online. They include the following:
- The Nigerian Data Protection Regulation, 2019 (NDPR):
This is a legislative framework that establishes rules for the gathering and handling of personal data from individuals in Nigeria. According to Section 1.1, the objectives of this Regulation are:
- To safeguard the rights of natural persons to data privacy;
- To foster safe conduct for transactions involving the exchange of personal data;
- To prevent manipulation of personal data; and
- To ensure that Nigerian businesses remain competitive in international trade through the safeguards afforded by a just and equitable legal regulatory framework on data protection which is in tune with best practice.
- The Cybercrimes (Prohibition, Prevention) Act, 2015:
This Act primarily provides for offences that are committed online and the attendant consequences. Sections 6 – 36 of the Act provide for these offences, some of which are stated below:
- Unlawful access to a computer (hacking), unauthorized modification of computer systems network data and system interference.
- Unlawful destruction and abortion of electronic mails or processes through which money and or valuable information is being conveyed.
- Willful misdirection of electronic messages.
- Computer-related forgery.
- Computer-related fraud and fraudulent issuance of electronic instructions.
- Electronic card-related fraud, dealing in the card of another and purchasing or sale of the card of another.
- Identity theft and impersonation.
- Breach of confidence by Service Providers.
- Manipulation of ATM/POS terminals.
- Phishing, spamming and spreading of computer viruses.
- Use of fraudulent devices or attached e-mails and websites.
- The ISO/IEC 27001:2013 Standard
This is also known as ISO27001 and it is the international standard that sets out the specification for an information security management system (ISMS). It creates a framework that helps organizations establish, implement, operate, monitor, review, maintain and continually improve their information security management system. Complying with the ISO27001 standard is information security best practice and is essential to demonstrating data protection compliance.
- The Nigerian Communication Act
The Act was enacted in 2003 to create a regulatory framework for the Nigerian communications industry. The Act established the Nigerian Communications Commission (NCC) as an independent National Regulatory Authority (NRA) for the telecommunications industry in Nigeria. The Act further created provisions for the licensing and operations of telecommunications service providers and other related matters.
- The National Broadcasting Commission Act
The Act was first promulgated as a Decree on 24 August, 1992. However, the Decree and its amendments have been adopted as an Act of the National Assembly. The National Broadcasting Commission Act, therefore, regulates radio broadcasting activities in Nigeria, as well as the licensing of Cable, DTH and all terrestrial radio and television services. It aims to implement the National Mass Communication Policy of the Federal Republic of Nigeria and also sets standards with regard to the contents and quality of materials being broadcast over the country’s radio waves.
METHODS OF RISK MANAGEMENT AND REDUCTION IN ICT
The consequences of the risks discussed above are far-reaching and indeed very severe[1]. However, there are ways of mitigating and reducing these risks, and some of them are discussed below:
- Security Software
It is of absolute importance that digital businesses be fully protected against security breaches by putting in place proper security systems to adequately protect their data from hackers. Some of the methods of protection of digital businesses include:
- Personal identification numbers (PIN).
- Two-factor authentication (2-FA).
- Digital signatures.
- One-time passwords (OTP).
- Security Questions/Codes.
- Digital certificates.
- Intrusion detection systems etc.
Also, it is necessary for digital businesses to take appropriate steps to sensitize and educate their customers/users on the potential risk of hackers, online thieves and fraudsters; and educate them on taking personal security measures so as not to divulge their personal/private information indiscriminately.
- Digital/Electronic Signatures
Digital businesses must give the assurance that the parties involved in any given transaction cannot deny that the transaction took place. This means that there must be adequate proof that the transaction occurred. The use of digital signatures is one way to address this. A digital signature ensures that a document or message is electronically signed by a person and, therefore, that the person cannot afterwards deny having provided the signature. Section 17 of the Cybercrimes (Prohibition, Prevention) Act, 2015 provides for the use of electronic signatures thus:
Section 17 (1):
- Electronic signature in respect of purchased goods and any other electronic transactions shall be binding.
- Whenever the genuineness or otherwise of such signatures is in question, the burden of proof, that the signature does not belong to the purported originator of such electronic signatures shall be on the contender.
- Any person who with the intent to defraud or misrepresent, forges through electronic devices another person’s signature or company mandate, commits an offence and shall be liable on conviction to imprisonment for a term of not more than 7 years or a fine of not more than N10,000,000.00 or to both fine and imprisonment.
- Disclaimers
Disclaimers provide users with constructive notice of the necessary precautions the user ought to take and the limit of the business liability. The purpose of a disclaimer is to mitigate a specified risk and it protects the online business from legal action. However, it might not necessarily cover and/or limit every liability. An ideal disclaimer ought to cover all foreseeable liabilities for the product or service being provided by an online business. The users of the business must be warned of possible hazards and/or dangers associated with using the digital platforms.
- Use of Terms and Conditions
A service provider/online platform and a person who desires to utilize that service may enter into a legally enforceable agreement/contract known as Terms and Conditions and commonly referred to as Terms of Service[2]. The agreement is what governs how an online platform is used; it lays out the rules that users must accept and follow in order to access a digital platform. A website firm that uses terms and conditions is also shielded against unnecessary legal action.
- Cyber and Privacy Insurance
Insurance, as defined by Black’s Law Dictionary[3], is an agreement by which one party (the insurer) commits to doing something of value for another party (the insured) upon the occurrence of some specified contingency, especially in an agreement by which one party assumes a risk faced by another party in return for a premium payment. In essence, insurance is an arrangement by which a company undertakes to provide a guarantee of compensation for a person’s specified contingent loss, damage, illness, or death in return for the payment of a specified premium.
In the same vein, cyber and privacy insurance coverage policy provides digital businesses with protection from losses resulting from a possible data breach or the loss of electronically-stored confidential information[4]. The cyber and privacy insurance policies are designed to protect online/digital businesses from the activities of hackers and other criminal-minded individuals or entities who may gain unauthorized access to stored personal information.
CONCLUSION
This article has reviewed the main legal and regulatory issues as well as risks inherent in the use of Information and Communication Technology (ICT). It has also considered possible solutions for addressing these issues in order to promote harmonized law reform, promote e-Commerce and related activities, and constrain, where necessary, certain harmful behaviours for the protection of ICT users. It is therefore pertinent for every online firm or establishment to ensure adequate security measures are put in place to protect their users and, at the same time, reduce their liability.
SNIPPET
Businesses and individuals may now connect and do business electronically due to the advancement of Information and Communications Technologies (ICT). However, this has raised a range of legal and regulatory issues for policymakers, from concerns about cybercrime and the ability to safeguard intellectual property rights online to the legitimacy of electronic means of contracting and the security risks they entail…
Key terms: Information and Communication Technology, Organizations, Legal Risks in ICT
AUTHOR: Oyetola Muyiwa Atoyebi, SAN
Mr Oyetola Muyiwa Atoyebi, SAN is the Managing Partner of O. M. Atoyebi, S.A.N & Partners (OMAPLEX Law Firm).
Mr. Atoyebi has expertise in and vast knowledge of Technology Law Practice and this has seen him advise and represent his vast clientele in a myriad of high-level transactions. He holds the honour of being the youngest lawyer in Nigeria’s history to be conferred with the rank of Senior Advocate of Nigeria.
He can be reached at atoyebi@omaplex.com.ng
CONTRIBUTOR: Victor Atang
Victor is a member of the Dispute Resolution Team at OMAPLEX Law Firm. He also holds commendable legal expertise in Technology Law Practice.
He can be reached at victor.atang@omaplex.com.ng
[1] Harmony Eghwubare: AN ANALYSIS OF THE RISKS ASSOCIATED WITH DIGITAL BUSINESSES VIZ-A-VIZ POSSIBLE REDUCTION OF LIABILITIES (https://www.aaachambers.com/articles/digital-businesses-risk-reduction/ date accessed 19/03/2023)
[2] Information and Communication Technology and Legal Issues for Central Asia; Guide for Policy Makers (2007) United Nations Publication: ECECI/1
[3] Black’s Law Dictionary
[4] Osborn’s Concise Dictionary