Cybersecurity and Cybercrime Laws in the SADC Region https://zimbabwe.misa.org omission constituting an offence under this Act has been committed wholly or in part – (a) within the territory of the Kingdom of Lesotho; or (b) on a ship or aircraft registered in the Kingdom of Lesotho; or (c) by a national of the Kingdom of Lesotho outside the jurisdiction of any country; or (d) by a national of the Kingdom of Lesotho outside the territory of the Kingdom of Lesotho, if the person’s conduct would also constitute an offence under a law of the country where the offence was committed”. It acknowledges that electronic evidence is admissible in the courts of law. The objectives of the law are to “to make provision for electronic transactions; for the establishment and functions of the Malawi Computer Emergency Response Team (MCERT); to make provision for criminalizing offences related to computer systems and information communication technologies; and provide for investigation, collection and use of electronic evidence; and for matters connected therewith and incidental thereto”. Section 2 of the Africa defines “computer system” as “a device or a group of interconnected or related devices, one or more of which performs automatic processing of data pursuant to a program”. As such, this particular definition corresponds with the definition under the Budapest Convention. Under section 92 of the Act, “hacking” refers to, “Any person who hacks into any computer system...commits an offence”” Section 87(3) of the Act punishes any person who “intercepts any data without authority or permission to do so.” Interestingly, there is no statutory definition of the term “intercept” in the Act. The criminalisation encompasses issues such as recording, listening to or monitoring of the content of a computer communication, as well as the procuring of the content of data. The interception must be done to data during its transmission to, from, and within a computer system. It also provides a set of procedural instruments necessary to investigate cybercrime such as the protection of integrity of computer data during an investigation. The Bill empowers a judge or magistrate with authority to “issue a warrant authorising a [law enforcement or police officer, with such assistance as may be necessary, to enter the place to search and seize the thing or computer data including search or similarly access: (i) a computer system or part of it and computer data stored therein; and (ii) a computer-data storage medium in which computer data may be stored”. Unlike other pieces of legislation on cybercrime, the draft Bill points out that the internet service providers have no obligation to monitor data “which it transmits or stores; or actively seek facts or circumstances indicating an unlawful activity”. As a result, this clause limits the liability of internet service providers to criminal liability. This is important for the protection of the right to privacy as enshrined the Constitution of the Kingdom of Lesotho. Malawi Ma l aw i’s E lec t ron ic T ra n sac t ion s a nd Cyber Security Act came into effect in 2016. 24 The Act defines a data controller as “a person who, acting either alone or in common with other persons, determines the purpose for which, and the manner in which, any personal data is processed, or is to be processed and thus, controls and is responsible for the keeping and using of personal data, and the term includes a person who collects, processes or stores personal data”. It also explains data subject as “a person from whom data relating to that person is collected, processed or stored by a data controller”. The Act acknowledges the admissibility and evidential