Kenyans’ data and private information collected and stored by such firms as mobile operators, internet service providers and hospitals risk continued illegal use and even trading if the proposed Data Protection Act is implemented in its current form, the Kenya Chapter of the international body for professionals’ in audit and information security (ISACA) has said.
While addressing officials from the Constitution of Kenya Implementation Commission (CIC), the over 1,000 experts-strong ISACA Kenya expressed fears that the proposed bills did not fully cater for information freedom and data protection needs even as it became apparent that Kenyans’’ data in hospitals and mobile operators remained vulnerable to misuse by researchers, commercial bodies and other predators.
“The proposed data protection bills and freedom of information bill is a step in right direction but lacks important emphasis on oversight,” said ISACA Kenya chapter president Roy Akalah, during the meeting which was also attended by the Kenya ICT Board.
ISACA further expressed concerns that the bill was not firm to institutionalize enough data protection and regulation responsibility and proposed that a commissioner for data protection and another for freedom on information work under same regulator to “ensure the balancing of the axis for freedom and that of protection.”
The meeting also heard that a lot of data collected by private firms was being stored either locally or overseas and regulation was as important as oversight to ensure protection of the data owners. Data protection and privacy has been further complicated by the business outsourcing industry which is seeing information collected from one location being processed at another.
“We are proposing certain changes to the bills in a bid to ensure that private information and data is protected at the various levels while still protecting freedom of information,” said Michael Murungi, chief executive of Kenya Law Reports (KLR) who reported the body’s findings and recommendations on the new laws to the CIC and Kenya ICT Board.
ISACA Kenya’s task force was composed of legal and regulatory experts as well as Information Security professionals from leading corporate bodies in Kenya who observed that similar legislations in US, South Africa, India, Malaysia and the UK differed from the one proposed on implementation framework.