The provisions of the Corporate Governance Act in Zimbabwe dealing with cyber laws

The legislature enacted the Codification in 2004 with a specific Chapter dedicated to Computer-related crimes, Chapter VIII. In this Chapter, hacking has been criminalized under section 163 of the Codification, card cloning under section 167 is defined as the unauthorised use or possession of a credit or debit card and unauthorised use of one’s password or pin-number under section 168. This for example means that during the COVID-19 era where e-commerce was fast thriving, the increasing number of victims of card cloning and hackings already had a specific and express legal remedy under Chapter VIII of the Codification. Although Chapter VIII of the Codification was promulgated to cater for cybercrimes, it does not include some of the most common cybercrimes that have become rampant in e-commerce particularly mobile money transaction-related fraud. These cybercrimes not covered by Chapter VIII of the Codification have been addressed under traditional crimes.

The first Bill aimed at protecting consumers in the online environment was drafted in 2013 and marked as the first draft of the Electronic Transactions and Electronic Commerce Bill of 2013 on the 11th of June 2013. This Bill was intended to govern e-commerce in Zimbabwe. The E-Transactions and E-Commerce Bill, of 2013 only provided for the enforceability and legal certainty of electronic transactions and e-commerce, whilst a separate Bill addressing cybersecurity and cybercrime was drafted in 2017.

Zimbabwe formally enacted the Data Protection Act (DPA) on December 3, 2021. While the new law deals with aspects of cybersecurity and cybercrime, the Act's primary focus is on data privacy and ensuring data protection for all data collected by data handlers within the country as well as outside the country if the means used for processing is located in Zimbabwe.

The DPA also brought amendments to the following existing laws within the Zimbabwean constitution:

? Criminal Law (Codification and Reform Act).

? The Criminal Procedure and Evidence Act.

? The Interception of Communications Act.

As per the DPA, data controllers must process data fairly and lawfully. They must ensure that data is collected only for specified, explicit and legitimate purposes taking into account all relevant factors and ensuring compliance with the provisions of the DPA