Lessons Learned in Cyber Legislation

I shared these lessons learned during the APT/ITU/PITA Workshop on Principles of Cyber Legislation for the Pacific Region last March 29, 2007 in New Zealand. I hope advocates will find this useful.

In lobbying for a law:

1. Push for one law at a time. Having simultaneous legislation being pushed only confuses or overwhelm the people you talk to. Let it be that when a person sees you, the only thing that comes to their mind is the one legislation you are pushing for.
   
2. Talk to your legislators. A big mistake among cyber-legislation advocates is that they keep complaining on the lack of law and even blame government and legislative branch for failure to enact one. If you believe in a proposed law's importance, then you should be willing to take action and do the necessary work to get it passed.
   
3. Make e-champions out of your legislators. This includes regular briefing and getting them to talk to different stakeholders about the proposed legislation. Getting them to own the legislation is very important.
   
4. Get stakeholder support. Create or join a group who is supportive or main purpose is to lobby for the passage of the law. Talk to as many sectors as possible who will benefit from the legislation to issue a position paper supporting its immediate passage. By creating more advocates strengthens your position.
   
5. Get international endorsement. If countries and associations that does trade with your country endorse the said law's immediate passage, that will be helpful as well. Those who are committed, whenever they visit and do courtesy calls to important persons, they manifest the urgency of the proposed legislation's passage.
   
6. Get research papers to support you. This is not only on the need and how it will benefit your country but also of other's experience as well.
   
7. Make sure that your proposed legislation has a designated implementer.
   
8. Make certain that funding is allotted and accountability properly stated and can only be released with an approved plan.
   
9. As most cyber legislation has law enforcement requirements, ensure that the enforcement authority is given adequate funding as well.
   
10. Make cyber legislation recognize the need to be gender balance in its implementation.
    
11. Ensure that cyber legislation will be friendly for SMEs to participate or avail of.
    
12. Include provisions for consumer protection and grievance mechanism right from the start or mandate the creation of guidelines.

After the law's passage:

• Ensure that the law’s implementer gets their job done. Any political power-play that tends to take their authority away should be with proper legislative mandate. Else, accountability, especially on funds, can pose problems later on.
• Any e-government fund or spending must be supported by an approved plan, as mandated by the law, where its role in the bigger picture and return on investment adequately cited for success or impact monitoring. Else, billions of funds can be go waste.
• Push for no approved PLAN, no FUNDS policy.
• First phase should always prioritize agencies that generate revenue for the government.
• Constant monitoring of ongoing e-government projects is a must. The entity who monitors must be the one empowered by existing laws.
• If it has discretion on funds, it should be lead by a different department or body within the office.
• Make sure that cybercrime enforcement becomes part of the law enforcement authorities annual budget. At times, even if stated in the law, it doesn't get implemented.
• Push for the creation of ICT or E-Government Watchdog to actively monitor e-government spending and be vigilant or vocal for any irregularity spotted.
• This body should not be the source of future government officials or else it will soften its stand due to personal relationships.

Getting the law passed is only 10% of what needs to be done. Be vigilant. Rest is not allowed. Don’t give up your voice. Check and balance is always a must!