Securiti leads GigaOm's DSPM Vendor Evaluation with top ratings across technical capabilities & business value.

View

An Overview of Uganda’s Computer Misuse Amendment Act 2022

Published December 23, 2022 / Updated June 25, 2024
Author

Omer Imran Malik

Data Privacy Legal Manager, Securiti

FIP, CIPT, CIPM, CIPP/US

Listen to the content

This post is also available in: Brazilian Portuguese

Uganda’s Computer Misuse Amendment Act 2022 (Act) came into effect after President Yoweri Kaguta Museveni assented to the law on 14th October 2022.

Objective of the Act

The object of the Act, as specified by the Ugandan government, is to:

  • Amend the Computer Misuse Act, 2011, to enhance the provisions on unauthorized access to information or data;
  • Prohibit the sharing of any information relating to a child without authorization from a parent or guardian;
  • Prohibit the sending or sharing of information that promotes hate speech;
  • Provide for the prohibition of sending or sharing false, malicious, and unsolicited information; and
  • To restrict persons convicted of any offense under the Computer Misuse Act, 2011 from holding public office for a period of ten years; and for related matters.

Background of the Act

Since the enactment of the Computer Misuse Act, 2001 in Uganda, the world has witnessed ongoing rapid growth in computer-generated technologies. As a result, many internet and social media platforms have been adopted as means of communication and interaction.

While the development of computer-generated technology through the use of the internet has brought a multitude of economic, social, and educational advantages, it has also created opportunities for violating others' rights and freedoms, particularly the right to data privacy.

The right to privacy is safeguarded and preserved by Article 27 (2) of the Constitution of Uganda, 1995 (Constitution), which prohibits, among other things, interference with the privacy of correspondence or communications. The Constitution further protects an individual's right to privacy under Article 41 by outlawing the disclosure of such information that might infringe on another person's right to privacy.

The abuse of social media and online platforms through the dissemination of false, malicious, hateful and unwarranted information has adversely impacted the enjoyment of the right to privacy of individuals. Regrettably, a number of these violations have extended to minors, with information about, or relating to minors being shared on social media sites without the consent of their parents or legal guardians.

In light of the foregoing issues, the Computer Misuse Amendment Bill 2022 was introduced in Uganda to enhance the protection of the right to privacy by addressing the issues arising from the misuse of online and social media platforms.

Main Features of the Act

The Act applies to any person, regardless of their nationality or citizenship, and whether they are within or outside Uganda. If an offense under the Act is committed by any person in any place outside Uganda, they may be dealt with as if the offense was committed within Uganda.

The Act criminalizes the following actions and introduces corresponding penalties:

  • Without authorization:
    • accessing or intercepting any program or another person's data or information;
    • making audio or video recording of another person; or
    • sharing any information about or relating to a person.

    If a person is found guilty of committing any of the foregoing acts, they are liable to imprisonment for up to 10 years, or a fine for an amount up to 750 currency points (Uganda shillings 15,000,000), or both.

  • Using social media to publish, distribute or share information prohibited under the laws of Uganda under a disguised or false identity.If a person is found guilty of committing the foregoing act, they are liable to imprisonment for up to 5 years, or a fine for an amount up to 500 currency points (Uganda shillings 10,000,000), or both.

    If such information is published, shared or distributed on a social media account of an organization, the person who manages the social media account of the organization shall be held personally liable for the commission of the offense. Moreover, for the purposes of prosecution of the foregoing act, it shall be presumed, until the contrary is proved, that the information on a social media account which is:

    • verified by a social media operator, has been published, distributed or shared by a legal or natural person;
    • registered using a telephone contact, is published, distributed or shared by the person or organization in whose name the telephone contact is registered; or
    • registered using an email address that has been used or submitted as data by any data collecting entity, is published, distributed or shared by the person or organization in whose name the email address is registered.
  • Sending, sharing or transmitting any information about or relating to a child through a computer unless an individual obtains consent of the child's parent, guardian, or any other person having the authority to make decisions on behalf of the child.
  • Writing, sending or sharing any information through a computer which is likely to:
    • ridicule, degrade or demean another person, group of persons, a tribe, an ethnicity, a religion or gender;
    • create divisions among persons, a tribe, an ethnicity, a religion or gender; or
    • promote hostility against a person, group of persons, a tribe, an ethnicity, a religion or a gender.
  • Sending to or sharing with another person unsolicited information through a computer, unless the sending or sharing of the unsolicited information is in the public interest. Unsolicited information means information transmitted to a person using the internet without the person's consent, but does not include unsolicited commercial communication.
  • Sending, sharing or transmitting any misleading or malicious information about or relating to any person through a computer.If a person is found guilty of committing any of the foregoing acts, they are liable to imprisonment for up to 7 years, or a fine for an amount up to 750 currency points (Uganda shillings 15,000,000), or both.

How Securiti Can Help

Securiti’s robust tools enables businesses to ensure compliance with their privacy obligations under the Uganda Computer Misuse Amendment Act, 2022.

Securiti is an industry leader in offering business solutions for data compliance and governance. Its wide range of options, from consent management to data discovery, enables businesses to automate their compliance with all significant international data regulations.

Request a demo today and learn more about how Securiti can help your compliance efforts with the Uganda Computer Misuse Amendment Act as well as any other data-related regulations.

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox


Share

More Stories that May Interest You
Videos
View More
Mitigating OWASP Top 10 for LLM Applications 2025
Generative AI (GenAI) has transformed how enterprises operate, scale, and grow. There’s an AI application for every purpose, from increasing employee productivity to streamlining...
View More
Top 6 DSPM Use Cases
With the advent of Generative AI (GenAI), data has become more dynamic. New data is generated faster than ever, transmitted to various systems, applications,...
View More
Colorado Privacy Act (CPA)
What is the Colorado Privacy Act? The CPA is a comprehensive privacy law signed on July 7, 2021. It established new standards for personal...
View More
Securiti for Copilot in SaaS
Accelerate Copilot Adoption Securely & Confidently Organizations are eager to adopt Microsoft 365 Copilot for increased productivity and efficiency. However, security concerns like data...
View More
Top 10 Considerations for Safely Using Unstructured Data with GenAI
A staggering 90% of an organization's data is unstructured. This data is rapidly being used to fuel GenAI applications like chatbots and AI search....
View More
Gencore AI: Building Safe, Enterprise-grade AI Systems in Minutes
As enterprises adopt generative AI, data and AI teams face numerous hurdles: securely connecting unstructured and structured data sources, maintaining proper controls and governance,...
View More
Navigating CPRA: Key Insights for Businesses
What is CPRA? The California Privacy Rights Act (CPRA) is California's state legislation aimed at protecting residents' digital privacy. It became effective on January...
View More
Navigating the Shift: Transitioning to PCI DSS v4.0
What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards to ensure safe processing, storage, and...
View More
Securing Data+AI : Playbook for Trust, Risk, and Security Management (TRiSM)
AI's growing security risks have 48% of global CISOs alarmed. Join this keynote to learn about a practical playbook for enabling AI Trust, Risk,...
AWS Startup Showcase Cybersecurity Governance With Generative AI View More
AWS Startup Showcase Cybersecurity Governance With Generative AI
Balancing Innovation and Governance with Generative AI Generative AI has the potential to disrupt all aspects of business, with powerful new capabilities. However, with...

Spotlight Talks

Spotlight 11:29
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Watch Now View
Spotlight 11:18
Rewiring Real Estate Finance — How Walker & Dunlop Is Giving Its $135B Portfolio a Data-First Refresh
Watch Now View
Spotlight 13:38
Accelerating Miracles — How Sanofi is Embedding AI to Significantly Reduce Drug Development Timelines
Sanofi Thumbnail
Watch Now View
Spotlight 10:35
There’s Been a Material Shift in the Data Center of Gravity
Watch Now View
Spotlight 14:21
AI Governance Is Much More than Technology Risk Mitigation
AI Governance Is Much More than Technology Risk Mitigation
Watch Now View
Spotlight 12:!3
You Can’t Build Pipelines, Warehouses, or AI Platforms Without Business Knowledge
Watch Now View
Spotlight 47:42
Cybersecurity – Where Leaders are Buying, Building, and Partnering
Rehan Jalil
Watch Now View
Spotlight 27:29
Building Safe AI with Databricks and Gencore
Rehan Jalil
Watch Now View
Spotlight 46:02
Building Safe Enterprise AI: A Practical Roadmap
Watch Now View
Spotlight 13:32
Ensuring Solid Governance Is Like Squeezing Jello
Watch Now View
Latest
View More
Databricks AI Summit (DAIS) 2025 Wrap Up
5 New Developments in Databricks and How Securiti Customers Benefit Concerns over the risk of leaking sensitive data are currently the number one blocker...
Inside Echoleak View More
Inside Echoleak
How Indirect Prompt Injections Exploit the AI Layer and How to Secure Your Data What is Echoleak? Echoleak (CVE-2025-32711) is a vulnerability discovered in...
What Is Data Risk Assessment and How to Perform it? View More
What Is Data Risk Assessment and How to Perform it?
Get insights into what is a data risk assessment, its importance and how organizations can conduct data risk assessments.
What is AI Security Posture Management (AI-SPM)? View More
What is AI Security Posture Management (AI-SPM)?
AI SPM stands for AI Security Posture Management. It represents a comprehensive approach to ensure the security and integrity of AI systems throughout the...
Beyond DLP: Guide to Modern Data Protection with DSPM View More
Beyond DLP: Guide to Modern Data Protection with DSPM
Learn why traditional data security tools fall short in the cloud and AI era. Learn how DSPM helps secure sensitive data and ensure compliance.
Mastering Cookie Consent: Global Compliance & Customer Trust View More
Mastering Cookie Consent: Global Compliance & Customer Trust
Discover how to master cookie consent with strategies for global compliance and building customer trust while aligning with key data privacy regulations.
View More
Key Amendments to Saudi Arabia PDPL Implementing Regulations
Download the infographic to gain insights into the key amendments to the Saudi Arabia PDPL Implementing Regulations. Learn about proposed changes and key takeaways...
Understanding Data Regulations in Australia’s Telecom Sector View More
Understanding Data Regulations in Australia’s Telecom Sector
Gain insights into the key data regulations in Australia’s telecommunication sector. Learn how Securiti helps ensure swift compliance.
Gencore AI and Amazon Bedrock View More
Building Enterprise-Grade AI with Gencore AI and Amazon Bedrock
Learn how to build secure enterprise AI copilots with Amazon Bedrock models, protect AI interactions with LLM Firewalls, and apply OWASP Top 10 LLM...
DSPM Vendor Due Diligence View More
DSPM Vendor Due Diligence
DSPM’s Buyer Guide ebook is designed to help CISOs and their teams ask the right questions and consider the right capabilities when looking for...
What's
New