Let’s embrace data protection to safeguard consumers’ privacy rights

Data privacy
Photo credit: Graphic | Courtesy

Navigating society, especially the digital space, is becoming worrisome due to emerging ways in which consumers’ data privacy rights are increasingly infringed, either by default or design.

Often, this results in devastating social and economic effects.

Human beings are social beings, as they cannot thrive in isolation, and the digital space provides a perfect platform for people to meet their social needs.

However, the corruption of these platforms by a few groups and individuals is a sad state of affairs that calls for more action to be taken by regulators, service providers and consumers, to ensure that the right to data privacy is upheld within the entire ecosystem.

Data privacy defines who has access to data, while data protection provides tools and policies to restrict access to the data. 

Compliance regulations help ensure that users’ privacy requests are met by companies and, in turn, companies are responsible for putting in place measures to protect private user data.

Processes and controls 

Since the introduction of the Data Protection Act (DPA) 2019, which governs the collection, handling, transfer and destruction of data of natural persons, many organisations have dedicated resources to ensure they have the right processes and controls to keep any person’s data that they collect, process or store safe to international standards. 

This information is commonly shared via a Privacy Statement or Policy.

Indeed, greater flexibility in the use of data must be accompanied by greater accountability.

The controls and access to personal data must be highly restricted and should only be shared on a need-to-know basis. 

Information should be protected from being accessed or shared without any official reason, and any discrepancies or complaints should be investigated.

Without proper privacy processes and controls, organisations are prone to a high incidence of crimes as well as higher risks of litigation, class action suits and damage to their reputation arising from misuse of personal data.

Ultimately, this results in a loss of customer trust in the organisation, reduced market share and financial losses. 

It is, therefore, very important for privacy risks to be proactively managed and data closely guarded.

At Safaricom, through our annual sustainable business report, we have been transparent about the steps we have taken to uphold data privacy, and the actions taken against those who violate the safeguards put in place. The report continues to be of paramount importance to us and our reputation, showing that we take a proactive stance against any attempts to abuse an individual’s rights to uphold the privacy of their data.

Currently, one of the main risk areas — where an individual’s privacy is infringed and their data used for nefarious deeds — is identity theft. 

Fraudsters understand that this is a big opportunity because, in today’s world, your identity is linked to your money. 


Mobile phones in Kenya are a gateway to accessing financial services, making it a lucrative, illegal venture for fraudsters to access private data that would enable them to steal from unsuspecting Kenyans.

Seeing the need to protect our customers’ private data, and to bolster efforts to curb fraud, Safaricom has continued to provide several self-service safeguards, including the option to prevent unauthorized SIM swaps by dialling *100*100#, ensuring that SIM swaps can only be done in person at a Safaricom shop. 

As part of a wider effort across the telecommunications sector, subscribers can confirm the phone numbers registered using their identification documents and report any unknown numbers via *106#.

Additionally, the company asks customers questions to verify their identity whenever they call or visit Safaricom shops. 

Equally, call records or M-Pesa statements are only shared via secure channels with a verified owner following authorised requests. 

To further protect our customers, we only communicate on phone via our official line 0722 000 000, not through other numbers as the fraudsters do.

Reporting tool 

The company has also improved its fraud reporting tool, which is available via SMS line 333. 

All reports are investigated by a dedicated team with the support of law enforcement agencies, and the reporting subscriber receives regular updates on the status of their complaint.

A notable development in the conversation around data privacy is that today, companies can compete based on better security and privacy protections, transforming trusted technology into a competitive advantage. 

True to this, most organisations already recognise that increasing consumer trust through steps such as better data privacy can improve profitability.

As we mark Privacy Day this year, let us resolve to take proactive steps to embrace data protection. 

Only through respect for data privacy, will we be able to enjoy the benefits of new technologies with confidence.

Mr Mulila is the Chief Corporate Security Officer at Safaricom PLC