How data protection laws can safeguard the privacy of Kenyans
Opinion
By
Nicholas Mulila
| Feb 06, 2022
The world is rapidly evolving as concerns grow over data privacy.
Over 40 years ago, it was a status symbol to have a fixed-line phone or your name and number published in a telephone directory. Today, it is more about privacy. If someone calls on your mobile, you will ask how he or she got your number.
The press is also awash with stories touching on data privacy.
In the telco industry, there are concerns over customers receiving unsolicited marketing messages or fraudsters calling people using personal information.
READ MORE
Private developers eye deeper presence in Coast region
CS Kabogo: Digital economy now established, focus shifts to governance and accountability
How Ruto's aggression over fuel prices with EAC neighbours strains ties
Ruto opts for electric cars to escape high fuel prices
Kenya, Netherlands moot corridor to link EAC and Europe
Coastal property developers bank on Badawy to spearhead expansion strategy
Kenya to host Africa's digital economy summit as push for unified market intensifies
Afreximbank launches third AfCFTA bootcamp, firms urged to tap trade pact
Africa urged to plug leakages, mobilise local capital as global funding dries up
It is for this reason that Safaricom has been at the forefront of educating customers about data privacy, which entails the protection of information that refers directly to a person.
Issues around the collection, use and protection of personal data have gained traction, resulting in the institution of laws and regulations to ensure individual rights are protected, and appropriate penalties are defined for non-compliance.
The most influential global regulation in this space is the General Data Protection Regulations of the European Union, which imposes fines and penalties for privacy breaches.
These regulations were passed in April 2016 and implemented in May 2018. In Africa, Kenya is among the countries that have sought to regulate the access and use of personal data by passing a Data Protection Act in 2019.
The Act also set up the Office of the Data Protection Commissioner (ODOPC) to regulate data protection. These laws and regulations seek to protect any information that may identify a person such as a name, identity card number, gender, location, or any other piece of personally identifiable information.
It also provides guidelines on the dos and don’ts of doing so, including the rights of an individual with regards to their personal information.
Safaricom has put in place robust measures towards the implementation of the Data Protection Act. Our efforts go beyond compliance. We protect our customers’ data to keep their trust. Our reputation depends on it.
We have a fully-fledged team whose job is to oversee and ensure Safaricom is protecting data. We have also set out data protection policies to guide how personal information is collected, processed, stored and destroyed.
Every time we begin a new process, system or product that involves the use of personal information, we conduct a Data Protection Impact Assessment to ensure the correct processes and controls are in place to keep personal information safe.
It is a requirement that data breaches be reported to the ODPC.
The writer is the Chief Corporate Security Officer at Safaricom Plc