How Data Protection Laws Can Protect Kenyans’ Privacy
The world is changing rapidly as concerns about data privacy grow.
More than 40 years ago, it was a status symbol to have a landline or to have your name and number listed in a phone book. Today, it is more a question of confidentiality. If someone calls your mobile, you’ll ask them how they got your number.
The press is also inundated with stories about data privacy.
In the telecommunications industry, there are concerns about customers receiving unsolicited marketing messages or scammers calling people using personal information.
It is for this reason that Safaricom has been at the forefront of educating customers about data privacy, which involves protecting information that directly relates to a person.
Issues related to the collection, use and protection of personal data have gained ground, which has led to the institution of laws and regulations to ensure the protection of individual rights and the definition of appropriate sanctions. in case of non-compliance.
The most influential global regulation in this space is the European Union’s General Data Protection Regulation, which imposes fines and penalties for privacy breaches.
These regulations were passed in April 2016 and implemented in May 2018. In Africa, Kenya is among the countries that have sought to regulate the access and use of personal data by passing a data protection law in 2019.
The act also created the Office of the Data Protection Commissioner (ODOPC) to regulate data protection. These laws and regulations are intended to protect any information that could identify a person, such as a name, ID card number, gender, location, or other personally identifiable information.
It also provides guidelines on do’s and don’ts, including an individual’s rights with respect to their personal information.
Safaricom has strong measures in place for the implementation of data protection law. Our efforts go beyond compliance. We protect our customers’ data to maintain their trust. Our reputation depends on it.
We have a full team whose job it is to oversee and ensure that Safaricom protects data. We have also set out data protection policies to guide how personal information is collected, processed, stored and destroyed.
Whenever we start a new process, system or product that involves the use of personal information, we carry out a data protection impact assessment to ensure that the appropriate processes and controls are in place to ensure the security personal information.
It is mandatory that data breaches be reported to the ODPC.
The author is the Director of Corporate Security at Safaricom Plc