Why your personal data must be secured at all costs

data protection Act

The data protection Act gives guidelines in many areas of personal information handling.

Photo credit: Shutterstock

There has been a lot of talk about data protection in Kenya of late. Does that mean our information is being protected? Is our personal data safe? Last week, I listened to the office of data protection commission of Kenya speaking about data security. It got me very curious. I did not even know that there was an office in charge of data protection or that entities that control or process data need to register.

At least I knew that we have a robust data protection law. The ODPC is mandated to regulate the processing of personal data and protect the privacy of all individuals residing in Kenya. The presentation by the commissioner got me wondering: is our data really protected? Do we, as citizens and customers, have privacy?

As citizens and customers, our data can be found everywhere. The government knows so much about us. Businesses have vast quantities of personal information on their customers. How well protected is that data? What rights do customers have regarding their data? What responsibilities do governments and businesses have regarding their data?

Stray messages

Every time I get a stray message from those offering quick loans, I wonder where they got my telephone number from and if they had a right to use it. When I receive promotional messages, I am left to wonder whether I had given consent to receive such messages or if I had the opportunity to unsubscribe from the messages.

When I see next of kin details or medical records not kept safely, I wonder whether that too is just ignorance or a deliberate breach of data protection. I have even started thinking about sharing photos without consent. Is it not a breach of privacy?

The Data Protection Act came into effect in November 2019, followed by the Data Protection Regulations in 2021. Before these regulations, the banking industry seems to have been far ahead in advocating for customer privacy. I remember many years back, in our effort to pay off a relative’s loan, the bank refused to tell us the loan balance.

Financial institutions are required to know their customers and, as such, one has no option but to share personal information. They also collect so much financial well-being information during the lives of their customers. We often feel that our data is safe with the banks; after all, our money is safe.

Telephone number

This is not always the case with all other service points where our data is collected and stored. I am one of those Kenyans that does not feel obliged to give my name, telephone number, and identity card numbers to every security guard. I do not trust the guards or most of the security companies with my personal information. I usually imagine that this information could be put up for sale or used in fraudulent ways. How are these security firms protecting this data?

The data protection Act gives guidelines in many areas of personal information handling. The act stipulates the rights of a data subject; the collection of personal data; the duty to notify; lawful processing of personal data; conditions for consent; processing of personal data relating to a child; and processing for direct marketing, among other areas.

Businesses need to have a data protection policy aligned to the Act. As citizens and customers, we have a right to find out how our persona data will be protected by those handling it.

Dr Lucy Kiruthu is a Management Consultant and Trainer. Connect via Twitter @KiruthuLucy