11
provider and to any person he requested to trust his signature.
Section 23. In the event of failure to honor the commitments under Section 22 above, the
holder of the signature shall be responsible for the injury caused to others.
CHAPTER IX
PROTECTION OF ELECTRONIC COMMUNICATION NETWORKS,
INFORMATION SYSTEMS AND PERSONAL PRIVACY
1- PROTECTION OF ELECTRONIC COMMUNICATION NETWORKS
Section 24. Electronic communication networks operators and electronic communication
service providers must take all the necessary technical and administrative measures to
guarantee the security of the services provided. To that end, they shall be bound to inform
users about:
-
-
the risks of using their networks;
the specific risks of security violation , notably the denial of services distributed,
abnormal rerouting, traffic points, traffic and unusual ports, passive and active
listening, intrusion and any other risk;
the existence of techniques to ensure the security of their communications.
Section 25. (1) Network operators and electronic communication service providers shall be
bound to conserve traffic connection data for a period of 10 (ten) years.
(2) Network operators and electronic communication service providers shall set up
mechanisms for monitoring the traffic data of their networks. Such data may be accessible in
the course of judicial inquiries.
(3) Network operators and electronic communication service providers shall be liable where
the use of the data referred to in Sub-section 2 above undermines the individual liberties of
users.
II - PROTECTION OF INFORMATION SYSTEMS
Section 26. (1) Operators of information systems shall take every technical and administrative
measure to ensure the security of services offered . To this end, they shall have standardized
systems enabling them to at all times identify, assess, process or manage any risk relating to
the security of the information systems of the services provided directly or indirectly.
(2) Operators of information systems shall set up technical mechanisms to avoid any hitches
that may be prejudicial to the steady functioning of systems, their integrity, authentication,
non repudiation by third party users, confidentiality of data and physical security.
(3) The mechanisms provided for in Subsection 2 above shall be subject to the approval and
visa of the Agency.
(4) Information systems platforms shall be protected against any radiation or intrusion that
may impair the integrity of data transmitted and any other external attack notably, through
intrusions detection system.