Heads of Department have been urged to play a crucial role in enhancing data protection in all their work environments across various Ministries, Departments, and Agencies (MDAs) of the government.
Speaking during the awareness sensitisation programme in Eldoret, Uasin Gishu, North Rift Regional Head, Office of the Data Protection Commissioner (ODPC), Katumbi Mailu, pointed out that ensuring data safety is a collective responsibility of everybody.
“You should not leave your data and documents on the table where unauthorised people can access them; we need to embrace a clear desk policy where your data is only accessible to you and any other authorised person,” she noted.
Ms. Mailu, who is a Data Protection Principal Officer, further noted that data protection is a global issue currently, adding that it is important to have updated, collected, and protected data.
The Regional Head said that the ODPC derives its mandate from the Data Protection Act (DPA), 2019, whose enactment gives effect to Article 31(c) and (d) of the Constitution of Kenya 2010, which states that every person has the right to privacy, which includes the right not to have (c) information relating to their family or private affairs unnecessarily required or revealed; or (d) the privacy of their communications infringed.
She explained that the DPA provides a framework for the right to privacy as it applies to personal data. This includes the principles of data protection, the rights of the data subjects, the lawful basis for processing data, the obligations of data controllers and processors, data localisation, transfer, the Data Protection Impact Assessment, and others.
Ms. Mailu urged the departmental heads to embrace the six principles of data protection, which include lawfulness, fairness and transparency, integrity and confidentiality, purpose limitation, data minimisation, storage limitation, accuracy, and accountability.
She hinted at the lawful basis of processing personal data, which involves seeking consent from the subject, having performance contracts, legal obligations, the vital interest of the data subject, public interest, and authority, among others.
The Principal Data Protection Officer mentioned that the ODPC has achieved great milestones in ensuring the safety of data, which include four sets of DPA currently in force, office automation with Content Management System (CMS) and Enterprise Resource Planning (ERP) systems, and establishing and maintaining an up-to-date register of data controllers and data processors, among others.
She further said that collecting and processing personal data touches on all government priorities, like agriculture, health, housing, the digital superhighway, MSMEs, and others.
“Collection and processing of personal data is a cross-cutting issue like registration of farmers, access to medical care, acquisition of property, and e-commerce. How, then, is this information safeguarded and used for the intended purposes? questioned Madam Mailu.
She called on all stakeholders handling personal data to appreciate and embark on compliance with the regulations under DPA 2019.
“Adopt practices that take into account principles, rights of data subjects, and safeguards under the DPA of 2019 and, at the same time, undertake Data Impact Assessments, document any data breach, and take mitigation measures as you collaborate with the ODPC,” she added.
By Ekuwam Sylvester
