Story by Sally Namuye
The Office of Data Protection Commissioner (ODPC) says it will take stern measures against companies that breach the privacy of their users’ personal data.
According to Yusuf Momanyi, a data protection officer, ODPC will mostly focus on banks betting firms, digital lenders and online retail shops.
Momanyi says they have received over 2000 complaints since February 2022 which were mostly from digital lenders. To curb this, the ODPC office has penalized Digital Lender Whitepath Limited and a city working space provider over allegations of breach of data privacy.
“We have carried out an audit on 10 digital lenders over misuse of customers data following complaints from the public. The issue is not to stop the data collection, but to have parameters within which those sensitive personal data sets can be collected, stored, accessed and shared. Don’t over collect information about people, without justifications, “said Momanyi..
The illegal access to personal data attained by individuals, companies and some government agencies are often used for blackmail, identity theft, intimidation, targeted advertising and extortion and a person found liable upon conviction with be fined heftily or face a two term imprisonment.
Nakuru Deputy Governor David Kones observed that there has been an upsurge in the amounts of data created and processed by organizations where most private firms, government agencies and departments in the country collect data from their customers, employees, suppliers or service, a development that posses as a great threat to personal data security.
“Data collected by organizations ranges from IP addresses, search histories, location, credit card numbers, purchase histories, among others. Inevitably, every organization is likely to touch on private data of thousands or millions of individuals at some point,” explained Kones.
The Data Protection (General) Regulations, 2021 that took effect from March 14th 2022 provide for rights of a data subject and limitations to commercial use of such information. It also explains the roles of data controllers and processors, the communication of data breaches and the transfer of data outside Kenya.
