Political parties are most notorious for violating Kenyans’ private data, the data protection commissioner’s office has revealed.
Data commissioner Immaculate Kassait says in a report to parliament on the occasion of her one-year term of office of the 352 complaints who received her office concerned 291 political parties.
Another 33 complaints were filed against money-lending platforms, while 28 were related to other forms of processing of personal data.
“The number of complaints and data breaches are expected to increase dramatically as more Kenyans become aware of their rights and available mechanisms to protect their personal information, “said Kassait.
She said her office had registered the complainants with the Office for the Register of the complainants political parties to include an “opt-out mechanism” by political parties when processing personal data.
“Von den e Incoming complaints were investigated and resolved 291. However, 61 complaints are still active and investigations are ongoing. “
In the report, Kassait said organizations violating the Data Protection Act would face heavy fines of up to two percent of their annual turnover.p>
“Many organizations need a data protection officer to ensure compliance with the law. A renewed emphasis on organizational accountability requires proactive, solid data protection governance, “said Kassait.
Kassait added that developments would require organizations to review their data protection policies to make the requirements easy to understand make and ensure compliance.
She further told MPs that the requirements of the law represent a need to change the way technology is designed and managed.
“Documented Data protection impact assessments are required to deploy large new systems and technologies which are likely to pose a high risk to the rights and freedoms of data subjects, “the report reads.
Enterprises, added the Commissioner, would need the regulators all. report data breaches within 72 hours in line with new approaches to data security and incident response procedures.
“The concept of data protection is now being enshrined in law, and the data protection impact assessment is expected to be rolled out across organizations in the next Years ago, ”she said.
The Commissioner added that companies are expected to“ get more involved in data masking, pseudonymization and encryption ”.
Kassait called on the Convene a delegated legislative committee to the National Assembly to give priority to the adoption of the data protection legislation in 2021.
Part of the provisions requires that all organizations, including the IEBC, host their data servers locally to curb problems with accessing such information. < / p>
The IEBC would therefore be obliged to update their election data and transmission servers before the parliamentary elections in 2022 in the Lan d to host.
Citing the high expectations of the Kenyans, Kassait wants MPs to get the government to fully operationalize their office in terms of staffing, ICT and the completion of data laws to speed up.
The Commissioner reported plans to move the Data Protection Office Commissioner from the headquarters of the Communications Authority to the Britam Towers.
(Edited by Bilha Makokha)