By Henry Owino

Nairobi, Kenya: The Office of the Data Protection Commissioner has managed to resolve 75 percent of data complaints from the public.  Members of the public are encouraged to report complaints relating to data privacy within 72 hours to enhance faster tracking and resolutions.

According to Emmaculate Kassait, the Data Protection Commissioner, personal information should be protected from being accessed or shared without any official reason, and any discrepancies or complaints should be investigated.

Kassait pointed out that the Office of the Data Commissioner has made some milestones by issuing registration certificates to a total of 5195 entities and received a total of 5,315 complaints since the enactment of the Act. 

She disclosed that since then, out of the complaints received, the office has issued 106 determinations, 60 enforcement notices, and 9 penalty notices to ensure that data controllers and processors comply with data protection regulations.

Kassait made the remarks while addressing journalists on issues pertaining to the Data Privacy Act of 2019. This comes ahead of a conference on the Network of African Data Protection Authorities (NADPA)- Annual General Meeting (AGM) scheduled between the 7th – and 8th of May, in Nairobi, Kenya.

She explained that NADPA was established in Ouagadougou in September 2016, to serve as a unifying platform for African privacy and data protection authorities from different regions. The organization aims to facilitate exchanges and cooperation among its members while amplifying Africa’s voice in global data protection discussions.

Emmaculate Kassait, Commissioner, Data Privacy Protection.

Currently, there is worrisome in the society due to emerging ways in which consumers’ data privacy rights are increasingly infringed either by default or design. Data privacy defines who has access to data while data protection provides tools and policies to restrict access to the data.

The introduction of the Data Privacy Act, of 2019 in Kenya, it governs the collection, handling, transfer, and destruction of data of natural persons, many organizations have dedicated resources to ensure they have the right processes and controls, to keep any person’s data that they collect, process or store safe to international standards.

According to Emmanuel Kata, Principal Secretary in the Ministry of ICT and Digital Economy, as Kenya is hosting the NADPA-AGM and Conference, it serves as a pivotal platform for knowledge exchange. It is a chance to share experiences among African data protection authorities.

Kata said the conference brings together players in the tech and data protection industry which presents the opportunity to fortify the implementation of robust data protection frameworks, setting the stage for a more secure and responsible digital landscape across the continent.

“It is barely a week since we hosted the Connect Summit and we are glad to host another global conference, the 9th AGM in Kenya that presents a unique opportunity to showcase Kenya’s unwavering dedication to data protection and its position as a Silicon Savannah,” Kata stated.

Kata assures the participants of a delving discussion into nuances of data protection trends across various African countries, gaining insights into best practices, and fostering partnerships to advance data protection initiatives on the continent.

Since human beings are known to be social beings, they cannot thrive in isolation, and the digital space provides a perfect platform for people to meet their social needs. Unfortunately, the corruption and misuse of these platforms by groups and individuals have become a sad state of affairs. 

This calls for more actions to be taken by regulators, service providers, and consumers to ensure that the right to data privacy is upheld within the entire ecosystem.

Without proper privacy processes and controls, organizations are prone to a high incidence of crimes as well as higher risks of litigations, class action suits, and damage to their reputation arising of misuse of personal data. 

Compliance regulations help ensure that users’ privacy requests are met by companies and in turn companies are responsible for putting in place measures to protect private user data.

The control and access to personal data must be highly restricted and should only be shared on a need-to-know basis. Data use must therefore be accompanied by greater accountability.

It is, therefore, very important for privacy risks to be proactively managed and data closely guarded. Currently, one of the main risk areas is where an individual’s privacy is infringed and their data used for nefarious deeds; is identity theft.

Ultimately, this results in a loss of customer trust in the organization, reduced market share, and financial losses.