Section 27. Corporate bodies whose activity is to provide access to information systems shall
be bound to inform users of:
- the dangers associated with the use of unprotected information systems notably for
  private individuals;
- the need to install parental control devices;
- specific security violation risks notably, the generic family of viruses;
- the existence of permanent technical means to restrict access to certain services and
  propose to them at least one of such means notably, the use of the most recent
  operating systems, the use of anti-viruses against spywares, misleading viruses, the
  activation of personal firewalls, intrusion detection systems and activation of
  automatic updating.
Section 28. (1) Operators of information systems shall inform users of the prohibition to use
electronic communication networks for the publishing of illicit content or any other act that is
likely to affect the security of networks or information systems.
(2) Such prohibition shall equally concern the designing of misleading viruses, spywares,
potentially undesirable software or any other device leading to fraudulent practices.
Section 29. (1) Operators of information systems shall be bound to conserve the connection
and traffic data of their information systems for a period of 10 (ten) years.
(2) Operators of information systems shall be bound to set up mechanisms for monitoring
and controlling access to the data of their information systems. Such data may be accessible in
the course of judicial inquiries.
(3) The installations of operators of information systems may be subject to search or seizure,
on the order of a judicial authority, under conditions provided for by the laws and regulations
in force.
Section 30. (1) Operators of information systems shall assess and revise their security
systems and, where necessary, make the appropriate modifications to their security practices,
measures and techniques according to technological change.
(2) Operators of information systems and users may cooperate mutually with a view to
implementing the security practices, measures and techniques of their systems.
Section 31. (1) Electronic communication networks and information systems content
providers shall be bound to ensure the availability of material, as well as the data stored in
their installations.
(2) They shall be bound to set up filters in order to avoid any attacks that may be prejudicial
to personal data and the privacy of users.
Section 32. (1) Electronic communication networks and information systems shall be subject
to a regime of compulsory and periodic auditing of their security systems by the Agency.
(2) Security audit and severity scale rating shall be undertaken each year or as required by the
prevailing circumstances.