Two weeks ago, the media went abuzz when reporting on data stolen from the Social Security Commission’s database. This becomes yet another data security incident in Namibia, following numerous others having taken place from hospitals, as well as private and government institutions over the years.

However many times this happens, incidents like this, no matter how alarming, are not surprising, given our country’s online security status and systems.

The UN body for ICT, the International Telecommunications Unions (ITU) has classified Namibia as a haven for online criminals in its 2017 global cybersecurity index (GCI), ranking amongst the least in most of the global cybersecurity agenda. Namibia came in globally at 151, and in Africa at number 35 out of 42 countries surveyed. Namibia’s score on the legal, technical and organisational measures are ranked specifically zero, while ranking on average in capacity-building and cooperation pillars.

Given that picture by the ITU, online criminal activities are hypothetically 83% more likely to happen in Namibia than in any other of the 42 African countries surveyed.

Perhaps two things make us more susceptible to cybercrime, more than any other country.

First: We cannot shy away from the fact that we lack the necessary legislation to protect all forms of data. There is also a lack of data protection awareness in the country.

Second: An obvious lack of awareness by entities around the issue of data security and/or protection.

Given these current challenges, we might have to consider a number of issues to mitigate the situation, while getting our house in order.

We need to start raising awareness on data protection issues at all levels now, and identify areas of priority as well as loopholes which can be prioritised once the necessary legislation is in place.

Create platforms to share common lessons, such as engaging the financial sector, as they seem to be leaders where online security is concerned.

These incidents should also serve as a motivating reason for all stakeholders and sectors to rigorously get involved in the formulation of legislation to ensure that their interests are covered.

Encourage institutions to double efforts in performing security audits, as part of ensuring security measures.

I am discouraged by the lack of engagement on the part of corporate Namibia in funding social and technical enterprises that could help in risk assessments. This would include sponsoring the developers’ community events such as hackathons, amongst others. This practice is not only building local capacity, but also taking local skills one step further.

Finally, the Internet Society and the Commission of the African Union recently launched a continental guideline on data protection.

It is my hope that as we move towards the passing of the draft bills on electronic transactions and cybercrime, and as we look forward to the formulation of data protection laws, we use these guidelines as well as other international legislation such as the GDPR as guidelines in setting local legislation, not forgetting to ensure a national context speaking to local needs.

Moving forward, all eyes are on the ICT ministry to see when the data protection legislation formulation will begin. Particular interest is a call to start this process with a needs analysis from all stakeholders in the initial drafting of the legislation.

I’m out.

* Nashilongo Gervasius-Nakale holds a master’s in leadership development in ICT and the knowledge society from the University of Mauritius. You can follow her on twitter @Nashilongo