Data breaches have cost companies hundreds of millions of dollars in lawsuits globally, with regulators determined to crack the whip on reckless collectors, controllers and processors of people's data.
On August 29, 2022, the US Federal Trade Commission (FTC) sued data broker Kochava Inc for selling geolocation data from hundreds of millions of mobile devices that could be used to track consumers, Reuters reported.
The FTC was afraid consumer data could be used to trace people's movements to and from sensitive locations including "reproductive health clinics, places of worship, homeless and domestic violence shelters, and addiction recovery facilities," with Kochava calling the FTC action "frivolous."
It was not the first case of a suit related to the data breach.In 2021, Amazon's financial records revealed that officials in Luxembourg issued $877 million (Sh105.24 billion) for breaches of the General Data Protection Regulation (GDPR), according to the cybersecurity website CSO.
The website claimed that the fine "is believed to involve cookie consent." CSO also reported that Chinese ride-hailing firm Didi Global had to pay $1.19 billion (Sh132.8 billion) after the Cyberspace Administration of China "decided that the company violated the nations' network security law, data security law, and personal information protection law".
- Giving patients power over their records
- This is why we need to safeguard patient privacy
- A robust data plan will heal our health sector
After a three-year investigation, WhatsApp was fined $255 million (Sh30.6 billion) in August 2021 for a series of GDPR cross-border data protection infringements in Ireland.
Dr Bright Gameli, a cyber-security engineer and researcher, says abuse of subscriber data is a common practice for companies that feel they have a way around Data Protection Commission's rules.
"People get scammed a lot of times. Phishing has become rampant due to data going to the wrong people. Data is a priceless asset that is now prone to rampant misuse," he says.
According to the Data Protection Act 2019, the illegal selling of data may attract a fine not exceeding Sh3 million or an imprisonment term not exceeding ten years, or both.