× Business BUSINESS MOTORING SHIPPING & LOGISTICS DR PESA FINANCIAL STANDARD Digital News Videos Health & Science Lifestyle Opinion Education Columnists Moi Cabinets Arts & Culture Fact Check Podcasts E-Paper Lifestyle & Entertainment Nairobian Entertainment Eve Woman Travelog TV Stations KTN Home KTN News BTV KTN Farmers TV Radio Stations Radio Maisha Spice FM Vybez Radio Enterprise VAS E-Learning Digger Classified Jobs Games Crosswords Sudoku The Standard Group Corporate Contact Us Rate Card Vacancies DCX O.M Portal Corporate Email RMS
×

Overcoming data protection challenges in financial institutions

OPINION
By Davis Ayako | Oct 31st 2021 | 3 min read
By Davis Ayako | October 31st 2021
OPINION

The threat of data misuse and theft makes data security a key concern for consumers and regulators.

The risk of data theft and tampering has given rise to a number of data protection measures, both at the systemic and institutional levels.

The risk of infringing on a customer’s privacy is growing, given the increased frequency and granularity of the data being collected and advances in the technology for processing the same.

The enactment of the Data Protection Act into law in November 2019 was a watershed moment for Kenya.

Designed to bring the protection of personal data from misuse, the Act presents a significant step forward.

It facilitates lawful use of personal data - strengthening individual rights. The Act was operationalised through the appointment of a Data Commissioner in November 2019.

The Act governs the use, processing, and archiving of personal data. It establishes the Office of the Data Protection Commissioner and makes provision for the regulation of the processing of personal data.

It also stipulates the data producers’ rights and specifies the obligations of the data controllers and processors. Even then, the implementation of the Act has not come without challenges, especially for banks and other financial institutions.

The new data regulations coincided with changing customer attitudes to data protection, compelling banks to meet stronger privacy standards.

For starters, the implementation of the Data Protection Act has brought with it an inevitable change in culture. The Act has brought a significant change in terms of how data relating to data subjects are handled.

This has necessitated the training of staff in various financial organisations on the provisions of the Act as well as educating data subjects on the same, and their rights under the Act.

Secondly, while this law is applicable in institutions handling public data, the customers in these institutions have varying levels of knowledge. As a result, it may be challenging for customers with little education to understand their rights and the legal requirements of the Data Protection Act, including the customer’s right to request a bank to erase their data, update their data or share their data with another bank.

Thirdly, Section 32 of the Act provides for conditions of consent. Even then, banking entities should ensure this consent is “informed”, which means that the customer ought to understand data processing activities and their implications on their rights.

However, in rural and low-income communities, the data subjects may not understand their rights. Under section 40 (b) of the Act, a customer may not be aware of their right to have a bank erase all their data.

The Act gives a customer the right to request one bank to transfer data to another lender which is impractical.

The requirement seems unfair as it would appear to promote “poaching” of customers. The law calls for the hiring of a Data Protection Commissioner - imposing an extra cost on the bank. It may necessitate a restructure to accommodate the new position and the creating of a new workstation.

There may be a need to hire an advocate to formulate or review the current privacy policy, reprint Know Your Customer and Terms & Conditions documents among other costs.

Davis Ayako is the Head of Data and Analytics at SBM Bank Kenya

Share this story
How to check if you are listed on CRB
CRB companies have records of at least 14 million Kenyans, including defaulters and compliant borrowers
China rejected Kenya's request for Sh32.8b debt moratorium
China is Kenya’s largest bilateral lender with an outstanding debt of Sh692 billion.
.
RECOMMENDED NEWS
Feedback