Privacy breaches overtake phone service complaints to CA

privacy breaches

Confidentiality and privacy breaches now top the number of complaints to the Communications Authority of Kenya.

Photo credit: Shutterstock

Confidentiality and privacy breaches now top the number of complaints to the Communications Authority of Kenya (CA), overtaking the traditional dominant concerns over poor phone and data services.

Records show that the regulator received a total of 180 complaints on various issues over the three months to June this year with 47 of them relating to alleged breaches of confidentiality and privacy.

This means that concerns over confidentiality and privacy breaches accounted for 26percent of the total complaints filed over the period—dwarfing all other grievances including; poor phone and data services(21percent), fraudulent calls and SMS(10.5percent), frequency interference(6.1percent) and unauthorised charges and subscriptions(5.5percent) among others.

Theft of data and breach of privacy remains a major concern in Kenya given the sizably digitised nature of the country’s economy. The vast majority of data breaches are caused by stolen or weak credentials which are exploited by malicious criminals to access sensitive databases such as bank accounts and mobile wallets.

Many Kenyans have over the years complained about the illegal sharing of personal information and invasion of privacy by marketing firms and some companies promoting products and services, which also see private security companies collecting data at premises' entrances also register.

Commonly stored data by businesses include ID numbers, phone numbers, employee records, customer details, and transactions. Sharing or offering for sale personal information is now criminal and could land those responsible for their safe storage jail terms of up to six months or fines of up to Sh5 million.

The Data Protection Regulations, 2021, which were gazetted in January 2022, require mandatory registration of data controllers and data processors including entities collecting and storing data.

The regulations target all public and private entities that deal with personal data including non-governmental organisations (NGOs) and churches.

But the theft and breach of privacy are not the only issues at hand. There is also the matter of ownership of the data that is collected by public bodies but exploited and monetised by private monopolies.

Besides the privacy breaches, poor voice and data quality remained a major concern among consumers—keeping telecommunication firms in the spotlight.

The regulator has set an 80 percent service quality compliance threshold for mobile cellular service providers. The assessment is based on how an operator performs on eight key parameters as picked up in different parts of the country.

The eight parameters include the call set-up time – the period between the end of dialing a telephone call and the start of voice or data transmission; completion of calls – the number of calls that are completed on a network satisfactorily compared to the total number of call attempts made by callers; call set-up success rate – the number of attempts to make a call that result in a connection to the dialed number; speech quality – clarity; drop call rates – a phone call that is terminated by the network unexpectedly as a result of technical reasons.

Call handover success rate – when a mobile handset moves out of one cell to the next and is handed over automatically from the base station of the first cell to that of the next with no discernible delay; the strength of received signals is also considered in determining compliance.

Telcos in breach of the requirements on the quality of calls and other service outages as a result of omission on their part risk a fine of up to 0.2 percent of their revenues, which could run into hundreds of millions.