The Government is alarmed at the amount of data being collected on citizens and held by private firms.
Information, Communication and Technology Cabinet Secretary Joe Mucheru said the ministry is concerned with the associated risks of firms having such data, including intrusion of privacy as companies seek to grow profits.
Corporates ordinarily collect personal data from their customers, mostly for the “know your customer” requirements, but this is in turn used to push products to the public.
Mr Mucheru said the amount of personal data that companies are collecting and how they are using the data is now a matter of concern.
“There is growing concern on the subject of big data with regards to how private entities are actively collecting and keeping citizens’ data and how this data is used,” he told a gathering of industry experts at the Connected Summit in Kwale last week.
While Kenyans voluntarily give personal information by accepting terms and conditions drafted by the corporates, they also rarely read these conditions, some of which give leeway to the companies to use the information for purposes other than what they were originally collected for.
Mr Mucheru challenged the participants at the annual ICT meet to recommend “policy, regulatory and operational interventions necessarily to ensure extraction and management of citizens’ data is for mutual benefit of both the Government, private sector and the citizen”.
The concerns are despite little or no push by the Government to get in place laws that would protect Kenyans as well as require corporates to handle such information with caution.
Since 2011, there have been several attempts to put in place a data protection law, but this has always met hurdles, including resistance by companies handling huge amounts of data from Kenyans.
Such a law would actualise Article 31 of the Constitution that protects Kenyans from unnecessarily being asked for personal information and also requires institutions to handle such information in confidence.
The article says Kenyans have rights not to have information relating to their family or private affairs unnecessarily acquired or revealed.
The concerns by CS Mucheru are also come against revelations that law enforcement agencies usually place personnel within such entities with access to information on Kenyans such as telecommunications companies so as to access personal information and also intercept communication. The CS also said the Cyber Security Bill, which contains aspects regulating handling of personal data by service providers, is set for debate in the National Assembly after Cabinet approval.
He noted that instances of hacking are growing as more companies and the Government functions go online, prompting the need for a strong set of laws to deal with online criminals that have in the recent years caused companies, including financial service providers, to lose billions.
“The Government is alive to emerging threats that come with increased use of ICT as an enabler of business and development. We have drafted the Cyber Security Bill that awaits debate and enactment in Parliament.