Compliance evaluation of information privacy protection in e-government systems in Anglophone West Africa using ISO/IEC 29100:2011

Abstract

Due to various reasons, only few researchers focused their investigations on the current status of information security and privacy protection of e-Government services in Africa. This paper attempts to partially fill the gap by reporting on the compliance evaluation of privacy protection in e-Government systems in the countries of Anglophone West Africa, namely in Ghana, Nigeria, Liberia, Sierra Leone and Gambia. In the countries, e-Government services have become one of the most important and efficient means by which government interacts with citizens. The ways to facilitate information privacy protection in e-Government systems of a given country include enactment of a comprehensive information privacy regulation. The regulation serves as a legal framework that considers internationally accepted privacy protection principles, such as those of the ISO/IEC 29100:2011, and applicable guidelines of the U.S. NIST SP 800–53 Rev.4. In this paper, the privacy principles of the ISO/IEC 29100:2011 serve as a baseline for evaluation of the content of privacy protection regulations of the Anglophone West African countries. The paper also reports results of a passive security reconnaissance performed on selected e-Government websites. While the paper acknowledges recent progresses made in the area of privacy protection in the countries of Anglophone West Africa, recommendations are provided to mitigate the identified gaps.