Close Menu

FST Forum | Does Jamaica’s Cyber Crimes Act impede best practices in security assurance?

In February 2021, it was discovered that sensitive data collected by the JamCovid App seemed to not have been properly secured, and was exposed to public access on the Internet.  Apart from the obvious question of whether the Government's procurement procedures provide adequate security assurance, the response of the Government to the disclosure of the breach seems to regard the discoverer of the breach as potentially liable under the Jamaica Cyber Crimes Act.  This response seems to have caused alarm among data security professionals (and students) because permitting (even encouraging) neutral 3rd parties to come forward with information on discovered vulnerabilities is an accepted component of providing security assurance, so that those vulnerabilities can be addressed, before they are exploited by bad actors. The FST Science for Today forum on March 24, 2021 discussed the degree to which this alarm is warranted, how cyber-security professionals can operate in compliance with the Cyber Crimes Act, and how the Act might be amended to reduce the deterrent effect it currently has on good actors reporting cyber security incidents and vulnerabilities.


Watch a replay of the forum here:

Published on 26 Mar, 2021

Top of Page