The Computer and Cybercrimes Bill, 2016
(3) Despite subsections (1) and (2), the activities described in thereof do
not constitute an offence if —
(a) any act intended for the authorised training, testing or
protection of a computer system; or
(b) the use of a program or a computer password, access
code, or similar data is undertaken in compliance of and
in accordance with the terms of a judicial order issued or
in exercise of any power under this Act or any law.
(5) For the purposes of subsections (1) and (2), possession of any
program or a computer password, access code, or similar data includes
having—
(a) possession of a computer system which contains the
program or a computer password, access code, or similar
data;
(b) possession of a data storage device in which the program or
a computer password, access code, or similar data is
recorded; or
(c) control of a program or a computer password, access code,
or similar data that is in the possession of another person.
Unauthorised
disclosure
of
password
or
access code.
9.
(1) A person who knowingly and without authority discloses any
password, access code or other means of gaining access to any program or
data held in any computer system commits an offence and is liable, on
conviction, to a fine not exceeding five million shillings or to
imprisonment term for a term not exceeding three years, or to both.
(2) A person who commits the offence under subsection (1)—
(a) for any wrongful gain;
(b) for any unlawful purpose;
(c) to occasion any loss,
is liable, on conviction, to a fine not exceeding ten million shillings or to
imprisonment for a term not exceeding five years, or to both.
Enhanced
penalty
offences
involving
for
10. (1) Where a person commits any of the offences specified under
sections 4, 5, 6 and 7 on a protected computer system, that person shall be
liable, on conviction, to a fine not exceeding twenty five million shillings
10