Government agencies have been urged to conduct regular public sensitization on their programmes and mandates for the target beneficiaries to maximize benefits from state investments in the organizations and the initiatives they propagate.
Samburu County residents attending a public awareness workshop organized by the Office of the Data Protection Commissioner (ODPC) in Maralal town on Friday, complained that many Kenyans at the grassroots lost out on opportunities open to them because the relevant agencies failed to adequately educate the public on the same.
They also said that many Kenyans in marginalized areas, Samburu County included, found themselves on the wrong side of the law out of sheer ignorance, saying relevant state agencies should consider public sensitization more seriously.
The residents suggested that every government initiative and agency should incorporate a comprehensive public communication component to enable the various stakeholders to understand their roles in project or policy implementation and the opportunities therein, making the initiatives worthwhile.
Mireri Mose, an Assistant County Commissioner in the area, caused laughter when he told participants that a number of local boda boda operators worked without driving licenses, only for them to argue they were not aware they should have the document when arrested.
ODPC is holding a series of public sensitization workshops at the county level countrywide under what the organization calls the County Awareness Outreach Programme, where participants are trained on the need to protect personal data in their possession.
Under the programme, which aims to institutionalize data protection in the country, participants are educated on the role and mandate of ODPC and their individual responsibilities as the source of personal data given to second parties.
Most importantly, individuals and institutions that collect service-related personal data, who are referred to as Data Controllers, as well as those that gather the information on their behalf, known as Data Processors, are sensitized on the need to register themselves with ODPC, besides developing structures to ensure the security of the information they gather regarding an individual.
Data controllers include health facilities, financial and learning institutions, as well as hotels, while Data Processors comprise bank and mobile service provider agents and security personnel at the entrance to buildings.
The Data Protection Act of 2019 defines several penalties that can be meted on a Data Controller or Processor who fails to protect personal data, resulting in a breach of the same, among them being a fine of up to five million shillings.
Personal data is any information that describes or defines an individual and can therefore be used to identify that person, and its protection is guaranteed under the constitutional provision for the right to privacy, besides being a right under the Human Rights Convention.
It includes one’s national identity, telephone number, birth certificate, and location, while sensitive personal data includes one’s health status, biometric data, ethnicity, and marital status.
Yusuf Momayi, an officer with the ODPC, who made a presentation on behalf of the Data Protection Commissioner Immaculate Kassait, said data subjects or individuals from whom personal information is gathered have a right to give or withhold it, access it from the collector or processor, as well as demand for correction and deletion as per the Protection Act of 2019.
Jotham Makanga, who also delivered a presentation on behalf of the ODPC boss, said Data Controllers and Processors have an obligation to ensure all their services, programmes, projects, and partners comply with the data protection framework.
Makanga said they should also develop and publish their data protection policy, and conduct a protection impact assessment, besides notifying the Data Commissioner of any data breach within 72 hours of its occurrence and informing the concerned data subject regarding the same.
A personal data breach occurs when, due to insecurity, an individual’s information held by a Data Controller or Processor is accidentally or unlawfully destroyed, lost, or altered, and also when the said record is disclosed, accessed, transmitted, stored, or processed without the subject’s authority.
Lucy Sophina Loronyokie, an activist for people living with disability and who works for Samburu Integrated Development for the Disabled Women and Girls, a local NGO, lauded ODPC for its County Awareness Outreach Programme saying it was a move in the right direction. She said the public often heard of government initiatives on political platforms and therefore missed important opportunities depending on the political leaders as the information sources.
Mose, who officially opened the one-day workshop at a hotel in Maralal town on behalf of the area County Commissioner, said the training was timely for area residents, saying there were many local NGOs that sought approval from the Commissioner’s office and which ended up gathering a lot of personal data.
He said Samburu County was in urgent need of public sensitization by various relevant government agencies, saying ignorance was very high among area residents.
The call for public awareness creation comes as the government implements several initiatives, including the Affordable Housing and Hustler Fund, and also seeks to implement the 2023–2024 Budget, all of which have elicited intense public debate and created a political divide among politicians and some citizens.
By Ngugi Bernard