Octopus Cybercrime Community

Communications Act (2012)

Though the government of Lesotho has drafted Computer and Cyber Crime Bill, Electronic Commerce and Transactions Bill etc., which seek to provide a legal framework to criminalize computer and network-related crimes, to date, Lesotho lacks adopted laws to regulate and specify cybercrimes.

Data Protection

The Data Protection Act (2011) covers many of the key issues that make this area a complex one for both regulation and implementation: the set-up of a Data Protection Commission (Part II); the various aspects of protection of personal information (Part III), including the principles of minimality, purpose specification, maintaining of data quality, and security measures; and enforcement measures (Part V). Lastly, the Act provides for sanctions and penalties for data protection offences, such as breaches of confidentiality or violations of any provisions of the Act or regulations made under it with imprisonment of up to 5 years and/or fines.

The Act attempts to bring Lesotho into compliance with EU standards and to reflect the South African Development Community (SADC) data protection standards. Lesotho’s Data Protection Commission has not yet been appointed to enforce the Act, and when it is appointed, the body may have considerably less enforcement power than analogous bodies in other jurisdictions (e.g. lack of ability to impose fines on entities that violate the Act). The law does not explicitly state that the Commission is independent, which potentially leaves it open to undue influence from the Prime Minister. (Data Protection Africa Project 2020)

Under the Act, data subjects have the right to:

• have their personal data corrected;
• access their personal data;
• prevent the processing of personal data that causes or is likely to cause them unwarranted damage or distress;
• prevent processing of personal data for purposes of direct marketing;
• not be subject to a decision by a data controller that would significantly affect them or have adverse legal repercussions if the decision was solely based on automatic processing; and
• correct or delete personal data when it is inaccurate.

Lastly, the Act allows for the cross-border transfer of personal information (Section 52) if the data subject agrees to it and:

• the recipient is subject to legislation that is substantially similar with the Act;
• the recipient demonstrates that the data is necessary for a task carried out in the public interest or pursuant to the lawful functions of a data controller; or
• the recipient demonstrates a need for the transfer (e.g. contract fulfillment; is for the benefit of the data subject).

Substantive law

Sexual Offences Act 2003 includes offences against children in PART III – Sexual Offences against Children, defining child molestation and persistent sexual abuse of a child, and in PART IV – Commercial Sexual Exploitation of Children addressing child prostitution, procuration, facilitation, offering or receiving a reward with regards to child sexual exploitation. The Act however does not focus on the means through which such acts can be committed, and PART VI – Evidence only covers physical evidentiary elements and psychological effects.

Intellectual property protection is regulated by the Industrial Property Order 1989 and the Copyright Order 1989, which conform to the standards set out in the Paris Convention and Berne Convention. The law protects patents, industrial designs, trademarks, and grant of copyright, but does not protect trade secrets or semi-conductor chip lay-out design. The Law Office is responsible for enforcement of the Industrial Property Order, while the Ministry of Tourism, Environment and Culture is responsible for enforcement of copyright (reflecting the law’s focus on protection of artistic works). (Privacy Shield) Part IV – Civil Remedies and Sanctions in the Copyright Order 1989 specifies sanctions against copyright infringements that include fines and/or up to five years imprisonment. On the other hand, the Industrial Property Order 1989 PART VII – General Provisions, Section 43: Infringement, unlawful acts, offences expands sanctions to up to 10 years in prison.

Penal Code Act 6 of 2010, PART II: General Principles of Criminal Liability, Section 24: Aiding and abetting provides that:

Where an offence is committed, each of the following persons is liable and may be charged - 

a) a person who actually does the act or makes the omission which constitutes the offence;

b) a person who does or omits to do any act for the purpose of enabling or aiding another person to commit the offence;

c) a person who, with the intention of giving assistance, is present at the scene of the crime within such distance from the perpetrator as to be in a position to render immediate assistance to him or her to evade arrest or conceal the offence;

d) a person who counsels, procures or incites any other person to commit the offence.

PART XX – Offences and Penalties of the Companies Act, 2011 (Act No. 18 of 2011) handles in Sections 175-178 false statements, fraudulent destruction of property, falsification of records, and allowable defences for company directors. Section 177(2) on falsification of records using “any mechanical, electronic, or other device” could carry some relevance regarding cybercrime and electronic evidence.

The following acts provide safeguards with respect to

• Constitution of Lesotho (1993) – Ch. II: Protection of fundamental human rights and freedoms;
• Human Rights Act 24 of 1983 safeguards the fundamental rights of the citizens of Lesotho.

Constitution of Lesotho (1993);

Human Rights Act 24 of 1983;

Penal Code Act 6 of 2010;

Criminal Procedure and Evidence Act (1981);

Criminal Procedure and Evidence (Amendment) Act 10 of 1998;

Sexual Offences Act No 3 of 2003;

Data Protection Act (2011);

Industrial Property Order 1989 (Order No. 5 of 1989, as last amended by Act No. 4 of 1997);

Copyright Order 1989 (Order No.13 of 1989);

Companies Act, 2011 (Act No. 18 of 2011);

Mutual Legal Assistance in Criminal Matters Act of 2018 (no open sources available);

SADC Protocol on Mutual Legal Assistant in Criminal Matters (2002);

SADC Agreement Amending the Protocol on MLA in Criminal Matters (2017);

Electronic Commerce and Transactions Bill (2013);

Computer and Cyber Crime Bill (2019);

Lesotho Communications Policy (2008);

ICT Policy for Lesotho (2005);

Communications Act (2012);

According to the Mutual Legal Assistance (MLA) in Criminal Matters Act of 2018, MLA can be rendered on serious offences matters for which the maximum penalty is not less than 12 months of imprisonment and whether the crime is committed in Lesotho or a foreign jurisdiction. Section 8(2)(b)(ii) of the Act signifies measures to facilitate the taking of witness statements on behalf of a foreign State. However, the law is not clear on the issue whether the voluntary appearance of persons for the purpose of providing information or testimony to the requesting country could be facilitated. The Act requires dual criminality, and the applicability of a similar threshold on foreign serious offences can an impediment to MLA as other jurisdictions may have lesser maximum penalty than what is prescribed under the Act. (Eastern and Southern Africa Anti-Money Laundering Group, 2018, pp. 4-5)

is a member of the Southern African Development Community (SADC) and has signed and ratified the Protocol on Mutual Legal Assistant in Criminal Matters (2002), which entered in force in 2007. In 2017, it also signed the Agreement Amending the Protocol on MLA in Criminal Matters (2017).

Competent authorities and channels:

• Ministry of Communication Science and Technology
• Lesotho Communications Authority (LCA)