In the wake of the digital transformation across various sectors of the economy, data management, including processing and utilization is an integral component of any organization’s activities, no matter how big or small they are. Additionally, the benefits of data-driven decision making are immense and can significantly impact planning as well as the growth trajectory of your business
It is against this backdrop that the Council of Governors (CoG) ICT & Knowledge Manangement Committee in collaboration with the Office of Data Protection Commissioner (ODPC) on 20th November 2023, held a sensitization meeting to equip CoG staff with key insights on the need for data privacy and data protection in Kenya.
“As digitalization increases, so does the risk of your personal and institution data. As an institution, you should ensure that activities including CCTV surveillance and photography are carried out in compliance with the laws set by the office of ODPP” noted Mr Momanyi, an officer from the ODPC while undertaking the staff training. The session highlighted data protection laws and regulations, data breach prevention and response, secure data handling practices and best practices for data protection compliance. The team was taken through ways in which personal data is collected and used without the consent of data owners. For instance, you sometimes receive messages on your phone informing you about certain products in the market, a service or an event. How, you often wonder, do senders of such messages get your numbers?
When you enter a building, and you supply your name, ID number and phone details, do you also consent to your information being used in any other way, other than the reasons for giving your details? Is it legal for a building management to require your personal information to allow you access to that building? Does it bother you that your personal information is accessible and used without your consent? These are some of the simple yet crucial aspects that you need to consider when it comes to data protection.
Article 31 of our Constitution safeguards the right to privacy. It provides that every person has the right to privacy, which includes the right not to have their person, home, or property searched, their possessions seized, information relating to their family or private affairs unnecessarily required or revealed, or the privacy of their communications infringed.
It was highlighted that the right to privacy is embedded in the Data Protection Act, 2019 (the “Act”) which is based on the idea that every human should have space to develop autonomously, have the liberty to interact with others, free from oppressive State intervention and extreme uninvited interference by other unwelcome individuals. on data protection, there are basic principles that ought to be considered. First, personal information should not be collected if there is no reasonable justification given for the
same. If it is collected, it must be used only for the purpose for which it was collected, and must not be revealed to others, in a way that makes it possible to connect the information to the person it is about without that person’s consent.
The Act and regulations have tried to address some of the problems that members of the public have been experiencing. For instance, commercial use of personal data to target marketing is regulated, and messages telling people they can opt-out of receiving marketing communications must be very clear, and the process is free and simple.
