Kenyans ignorant on data protection law – report

Kenyans ignorant on data protection law – report

It has emerged that despite the data protection law being in force for nearly 12 months, most Kenyans are unprepared to effect its regulations.

With COVID-19 pushing more organizations to adopt technology for their operations, public and private sector staff, contractors and executives are working away from their office premises to the extent that 2020 recorded the highest jump in cyber security attacks recorded by Cyber Security Consultancy Serianu since 2018.

“The first one is a remarkable rise in the number of cyber security attacks that were detected, more than double from 23 million in 2019 to 51 million cases in 2020. Secondly, and even more crucially, is that over 90 per cent of Kenyans surveyed have neither understood the new Data Protection Act and nor fully considered its impact,” said Mr. Joseph Mathenge, Serianu Chief Operating Officer.

He was speaking during the official launch of the Kenyan edition of the annual Africa Cyber Security Report, a regular documentation of threats, trends and opportunities arising in cyber security produced by Serianu.

Mr. Mathenge said that two major developments had taken place in Kenya particularly and Africa generally over the past 19 months covered in the survey.

According to the Serianu report, 95 per cent of Kenyans are mostly ignorant about it, with less than half saying they were remotely aware of its existence.

This is even though over 70 per cent of the organizations interviewed acknowledged collecting sensitive personal and corporate data in the normal course of their operations.

The report paints a picture of a lackluster public attitude towards the Data Protection Act of 2019, a situation that the Serianu say is reflected in the fact that since the law was enacted, over 70 per cent of respondents have not taken any steps to preserve the data that they already possess.

“This may be because there has not been an enforcement regulator in place, with the appointment of the new Data Commissioner only recently concluded,” explained Mathenge adding that within most organizations they surveyed, there is a prevailing sense of misunderstanding of what constitutes data and the consequences of its mismanagement.

Kenya, he noted, is at a crucial turning point since there are multitude technologies that expose the general population’s personal information to potential misuse.

As a result, one of the major points of note in the report is that the new Data Protection Act calls for enhanced cyber security vigilance due to the rise of identity theft as a major form of fraud.

The report singles out medical records as particularly vulnerable, stating that health providers are expected to be under closer scrutiny by the new data regulator due to the sensitivity of the information they keep.

latest stories