Nakuru County Government intends to have all its contracted and aspiring suppliers registered with the Office of the Data Protection Commissioner (ODPC) as part of enforcement of the Data Protection Act among the contractors.
The Act, which was enacted in 2019 requires any organization that handles Personal Data to be registered with ODPC as a commitment to protect information in their possession regarding individuals they interact with as clients or partners in business.
According to the Act, one can be fined up to Sh5 million for causing a breach of Personal Data in one’s possession. Protection of Personal Data in Kenya is a constitutional right which is guaranteed under the right to privacy.
Personal Data is any information about an individual that can be used to identify the person and it includes one’s national identity card, health status, telephone number, biometric data, ethnicity, birth certificate, location and marital status.
ODPC categorizes personal data handlers into two: Data Controllers and Data Processors, with the former defined as individuals or lawful organizations that collect information on an individual for service delivery purposes and therefore, they determine the use of the records, while the latter gather the information on behalf of the users.
Data Controllers include health facilities, financial and learning institutions, as well as hotels while Data Processors comprise bank and mobile service provider agents and security personnel at entrance to buildings.
To ensure Data Controllers and Data Processors secure the Personal Data they collect, the Act requires they be registered with ODPC, which is charged with regulation of the use of the data and protecting the data subjects against breach of their records.
Speaking when opening a public awareness workshop organized by ODPC at a Nakuru hotel, area Deputy Governor David Kones said the County Government was committed to protection of Personal Data as spelt out in the Act and was ready to comply with the same.
“As a County Government, we must commit ourselves to respect the Data Protection Act, 2019,” said Kones, adding the administration had a lawful basis to collect Personal Data for service delivery and as a result, various departments held a lot of information on individuals.
He said consequently, the County Government was bound to put in place safeguards to protect the data in compliance with the Act.
Yusuf Momanyi, an officer with ODPC and who represented the Data Protection Commissioner, Immaculate Kassait during the one-day workshop, commended Nakuru County Government for their readiness to collaborate with the Office in Personal Data protection and commitment to cascade the same to their contracted and aspiring suppliers.
Urging participants to guard any second party Personal Data in their possession against breach, Momanyi reminded them abuse of such information could attract heavy fine if victims launched complaint with ODPC and it was confirmed to be true.
Breach refers to accidental or unlawful destruction, loss or alteration of Personal Data due to insecurity. It also includes disclosure, access, transmission, storage or processing of an individual’s records without the subject’s authority.
The Nakuru workshop is part of a series of public sensitization campaign ODPC is holding in all counties under an arrangement the organization calls County Awareness Outreach Program, to educate the public on the need to protect personal data as well as the mandated and role of the organization.
By Ngugi Bernard