publish time

11/01/2019

author name Arab Times

publish time

11/01/2019

Najmah Brown, Esq.

Aside from advancements in financial technology services, cybersecurity is of broad and current interest in the State of Kuwait. As a result, many organizations are offering cybersecurity products and services.

Many believe that Kuwait lacks cybersecurity laws, however, this belief is connected with people not having a clear definition of cybersecurity or due to the fact that during open dialogues people believe it to mean something different from the other. While many governments have yet to clearly define cybersecurity, the purpose is ultimately the protection of information systems and the information stored on or processed by such, as well as how to respond when systems are compromised and data is breached.

Cybersecurity and data protection in Kuwait are governed by various local laws, namely, Law No. 20/2014 regarding Electronic Transactions and Law No. 63/2015 regarding Combating Cyber Crimes.The Electronic Transactions Law, which addresses privacy and data protection, limits certain type of personal information (e.g. health status and financial assets) from being viewed or published without authorization. Further, a party that collects the data shall not use such data other than the purpose for which the party agreed. Further, once data is collected, all appropriate arrangements must be made to protect the personal information or data against lose, damage or distribution. The Cybercrimes Law sets forth what constitutes a cybercrime and the punishment for performing such acts. The Law does specify key criminal acts that are common in cyberspace (e.g. hacking systems to block access to such and accessing financial records without authorization/money laundering).

The key is to continue developing the pre-existing laws to ensure that they comply with international standards, such as the International Standards Organization (ISO), to protect data or information from breach, which can result in the compromise of the country’s security measures, consumer’s electronic information (e.g. bank account records) or confidentiality obligations of individuals and organizations.

With the focus point on cybersecurity, and the efforts of the Communication and Information Technology Regulatory Authority, which seeks to improve the standards and practices of information security, and protect the IT infrastructure in Kuwait, I imagine we will see developments in the near future that govern this subject matter.

By Najmah Brown, Esq.
email: najmahbrown@aladwanilawfirm. com