The world is rapidly evolving as concerns grow over data privacy.
Over 40 years ago, it was a status symbol to have a fixed-line phone or your name and number published in a telephone directory. Today, it is more about privacy. If someone calls on your mobile, you will ask how he or she got your number.
The press is also awash with stories touching on data privacy.
In the telco industry, there are concerns over customers receiving unsolicited marketing messages or fraudsters calling people using personal information.
It is for this reason that Safaricom has been at the forefront of educating customers about data privacy, which entails the protection of information that refers directly to a person.
Issues around the collection, use and protection of personal data have gained traction, resulting in the institution of laws and regulations to ensure individual rights are protected, and appropriate penalties are defined for non-compliance.
The most influential global regulation in this space is the General Data Protection Regulations of the European Union, which imposes fines and penalties for privacy breaches.
These regulations were passed in April 2016 and implemented in May 2018. In Africa, Kenya is among the countries that have sought to regulate the access and use of personal data by passing a Data Protection Act in 2019.
The Act also set up the Office of the Data Protection Commissioner (ODOPC) to regulate data protection. These laws and regulations seek to protect any information that may identify a person such as a name, identity card number, gender, location, or any other piece of personally identifiable information.
It also provides guidelines on the dos and don’ts of doing so, including the rights of an individual with regards to their personal information.
Safaricom has put in place robust measures towards the implementation of the Data Protection Act. Our efforts go beyond compliance. We protect our customers’ data to keep their trust. Our reputation depends on it.
We have a fully-fledged team whose job is to oversee and ensure Safaricom is protecting data. We have also set out data protection policies to guide how personal information is collected, processed, stored and destroyed.
Every time we begin a new process, system or product that involves the use of personal information, we conduct a Data Protection Impact Assessment to ensure the correct processes and controls are in place to keep personal information safe.
It is a requirement that data breaches be reported to the ODPC.
The writer is the Chief Corporate Security Officer at Safaricom Plc