Protection of Personal Data

Data protection or Data Privacy (Information Privacy) is the new regular bullied kid on the streets of Nairobi.
Orange Kenyas employee last week incident raises a lot of questions on how secure is the data we trust
them with. Clearly the data they collect and how they use them needs to be questioned, regulated and
clearly outlined as to how and what extend/ level they can manage such information.
It is merely question of what information they collect and what they use it for? But before I dig deeper into
that, let me highlight some of the flaws depicting luck of a know-how and proper policy regulation in the
sector.

What is the relationship between your Cellphone contacts and Security Entrances?
I happen to be the one of those people who never leave my contacts in the security entrances. Have you
ever asked yourself why and how is it that they need this data, even after leaving your ID with them? While
you struggle with that, would you share your contacts with a stranger you just met along Moi Avenue? No,
unless theres a connection and a reason to trust.
You may know this; most companies outsource Security Guard Services in Kenya. That brings in a third party,
whom you need to trust with your data. While most security guards are not very conversant with Data
protection, but Property protection! And even if that was the situation, does their Legal Contract highlight on
these issues?
We should be cautious on how much and what extend of information we share in public. Giving out of so
much Personal Details to the public is just a step into a fraud world, more so in this web village world. Stolen
identities and loss of properties will be your regular visitor.
There is NO relationship between your personal cellphone contacts with security checks, you may give your
office contacts though.

How safe is your Personal Data?

A large percentage of data loss is by employees within the Organization.
Your data safety is highly dependent on you and your environment. The environment being your Friends,
Government institutions and the Places/People you associate with. We all receive mobile SMSs/ Notifications
from our Banks, Insurances, Clinics etc. But each one of us have had some other institutions contact you mainly
as a marketing text or invitation.
The question is, where do these institutions collect this data? Im talking of WomeninTech, Microsoft, KRU in
my situation, to you it might be SportPesa, BetIn and other short code SMSs. Clearly weve all submitted our
data knowingly or unknowingly to their databases.
Im not sure if the most annoying thing is these institutions sharing our data with other third parties or their
daily annoying SMSs, text or Alerts. How long and how regular do they update their databases? Say delete
my contacts because I ceased being their member or customer. My 2007 Bank still sends me birthday SMSs
and alerts, even after I closed the account.

Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose.
Furthermore, persons or organisations which collect and manage your personal information must protect it
from misuse and must respect certain rights of the data owners which are guaranteed by EU law.
Clearly this is one sector that needs a lot of regularization and deep policy review.
Allow me to highlight on another issue, this time its on you and me, some of us have these things called
Business Cards. Basically most of us have had them printed with almost all of our personal details.
Think about this situation, His Excellency Uhuru Kenyatta gave someone his Business card, in this case with all
his Personal Details, and this guy happens to have dropped it in the streets! While you think of luck, I think
of Information in the wrong hands. Most of us prefer our office contacts being on our business cards.
Cellphones being stolen on the streets not only brings a loss of information but data insecurity. So please be
sure you have online back-ups, phone encryptions or remote wipes for safety of yourself and colleagues.
Another option, which I highly recommend is to have a personal cellphone line, I call it a family number, and
another for public use. That way you can audit your callers. Your contacts being out there, solely depends
on you and your social group.

How safe are the apps and cellphone data in your phone?
This is one field that most people have become victims of data violation, most of the time not knowing. About
four years ago at Westgate shopping mall, just outside Safaricom customer services. A lady comes out of
the shop crying and feeling upset for not getting the necessary help from the shops customer services.
Well her complains were that her calls and copies of SMSs were being shared to her spouses cellphones
and her marriage was breaking apart. To her it was the Service providers fault, but upon checking it was
hers, well there was an installed cellphone spy on her phone. Clearly she wasnt conversant with what apps
were installed in her phone.
All Apps come with privacy policy, we choose to grant them permission on installing to access several features
in our phones. This is one sector full of loopholes and insecurities. Its very wide and what I recommend is you
read on every app Privacy policy and Reviews before Installing.
One other thing is never avoid linking your personal contacts with public accounts. Restrict view of personal
contacts as much as possible.

Do we have enough Data Protection Laws?

Well in Kenya Data Privacy (The Data Protection) still remains wanting.
Kenya seemingly is the Hour Clock arm running after the Seconds Clock arm, when it comes to putting proper
policies, regularization and laws in the ICT sector. The truth is this sector if growing so fast, people are
innovating or borrowing new technologies without the proper lows to regulate them.
Mobile Banking sector is one heavily affected sector. There are a lot of Data Privacy issues affecting the
sector. Millions of Money is lost through fraud, accelerated by lack of proper data privacy policies. While

its good to note of major improvements to gap these fraudulent activities in these sector, it is still clear that
a lot still needs to be done.
For instance, What Banks dont want to tell us is that there is lack of privacy brought in by Mobile Banking
Agents. This is because we end up trusting Mobile Banking Agents with our Personal details and records of
our Financial Transactions.
They need to work on taking away some records from their agents hands or better still bound their agents
to a law and regular audit.
Not only are we slow in putting proper regulations in place but even introducing Industrial driven ICT
curriculums in our Higher Educations. We import some technologies and spend years before a curricular is
introduced to generate enough skills to steer regulations in the sector.
One would think Kenya having an upper hand on Mpesa Mobile money transfer would have set up a
Curriculum in the University, let alone research institution on these technologies.
Under the 2009 SCIENCE, TECHNOLOGY, INNOVATION POLICY AND STRATEGY, it is recognized that
social and economic growth of any country is largely a result of the transformation of knowledge, science
and technology into goods and services. Integration of ST&I in national production processes is central to the
success of Governments policy priorities and programmes as outlined under Kenya Vision 2030.
In the meantime, take time to learn about new technologies and dont be so fast to use them before
understanding their Data Privacy Policies. Plus, please consult with and IT conversant person or trust your
search Engine reviews.

The power is on your hands.

The choices you have is to be wise and cautious. This is a chameleon sector, every day a new technology is
on the market and the power to protect your data is handed to you, so you better know where to tick,
ignore or put on pending.
There is so much power placed on you as a user. Dont just click agree or install. Read those tedious terms,
its a data world.
CTRL+Shift. Del. are here to stay.
It isnt new that social networking sites and Apps are growing fast and taking an integral active part of
many lives, a large percentage of Kenyan youth population use either of the social networks, but you
probably wont be happy to know that the social media is also being used by marginal (criminal) groups in
society-, Burglars, Drug peddlers, Inciting Tool etc.! TO BE CONTINUED