Firms are ‘selling’ your personal data without consent
By Graham Kajilwa
| July 23rd 2021
Do you get those annoying SMS alerts showing you have subscribed to a certain service? And even when you unsubscribe you still get messages from the same or other organisation?
It means your personal information, which you disclosed to one firm, is likely to have been sold to another without your consent.
A survey report by consulting firm Ernest & Young (EY) shows six out of 10 (59 per cent) organisations in Kenya transfer personal data in their custody to third parties, sometimes for commercial gain.
It also shows your spending habits and identity are the two leading sets of data that are pricey, largely transacted at 47 per cent each.
Others include details such as phone numbers.
According to the report released Thursday, while 59 per cent of organisations transfer personal data to third (and subsequent parties), just 47 per cent seek consent from the subjects.
Reasons for sharing of the information include analytics, card processing, financial transactions, SMS alerts for customer transactions and investigations into fraud by law enforcement.
Others are service provision, vendor support, joint product offering and mobile banking.
The survey was conducted between November 2020 and February 2021 and interviewed senior executives, legal officers and those involved in risk technology.
Respondents were from sectors including banking, insurance, asset management, manufacturing, fast-moving consumer goods, and telecommunication and financial services.
Data Commissioner Immaculate Kassait said people should be wary of who they share their personal information with and why.
“For example, when you take your clothes to the laundry, you will be asked your number, where you live and you end up giving your whole biography. We should shift our minds on sharing information freely,” she said.
Ms Kassait said simple details such as residential information shared in an estate setting should require consent. “You should ask yourself; the people you are sharing information with, where do they take it?”
Kenya enacted the Data Protection Act in November 2019.
The EY survey shows that mobile or web applications (39 per cent) are the leading channels for getting consent followed by email (37 per cent). The rest (24 per cent) include SMS and physical signed forms.
Forty-five per cent of organisations, according to the survey, have ways for people to access their personal data through online portals.
Another 37 per cent access via mails and 18 per cent use other means such as physical visits.
EY Partner and Technology Consulting Leader Robert Nyamu said millennials and Generation Z lead in inquiring into the safety of their data.
“Young people want to work with organisations that handle their data responsibly,” he said. “We know this population spend most of their time online.”
He said the Data Protection Act and the subsequent regulations will streamline the sector further.
“Data protection and privacy is not a purely compliance issue but it has been proved in other markets that it can be the competitive edge for an organisation,” Mr Nyamu said.
Why Kenyan steeplechasers face huge barriers in Tokyo contestThe writing is on the wall. From today, Kenya's men and women's 3000m steeplechase team face an uphill task at the Olympic Games in Tokyo, Japan.
Milimo case: Two missing boys were strangledTwo of the boys whose bodies were found after a man claimed he was behind their deaths were strangled while the other succumbed to head injuries.
Happy ending for brave Form Two student begging for school fees on city streets
- Governor Hillary Barchok taken to task over hiring staff from the same community
- Kenya Power board kicked out of House as key meeting aborts
- Governor Chepkwony now opposes James Finlay's move to sell flower farm
By Nikko Tanui
- Woman dies while reporting ‘stubborn’ daughter to police
By Brian Okoth
- Officer arrested over link to 2,040 bullets found in Embakasi car
By Jael Mboga