Data protection or Data Privacy (Information Privacy) is the new regular bullied kid bullied regularly on the streets of Nairobi. Orange Kenya’s employee last week incident raises a lot of questions on how secure data entrusted to them is. Clearly the data they collect and how they use them needs to be questioned, regulated and clearly outlined as to how and what extend/ level they can manage such information.
It is merely question of what information they collect and what they use it for. But before I dig deeper into that, let me highlight some of the flaws depicting luck of a know-how and proper policy regulation in the sector.
What is the relationship between your Cellphone contacts and Security Entrances?
I happen to be the one of those people who never leaves their contacts in the security entrances. Have you ever asked yourself why and how is it that they need this data, even after leaving your ID with them? While you struggle with that, would you share your contacts with a stranger you just met along Moi Avenue? No, unless there’s a connection and a reason to trust.
You may know this; most companies outsource Security Guard Services in Kenya. That brings in a third party, whom you need to trust with your data. While most security guards are not very conversant with Data protection, but Property protection! And even if that was the situation, does their Legal Contract highlight on these issues?
We should be cautious on how much and what extend of information we share in public. Giving out of so much Personal Details to the public is just a step into a fraud world, more so in this web village world. Stolen identities and loss of properties will be your regular visitor.
There is NO relationship between your personal cellphone contacts with security checks; you may give your office contacts though.
Personal Data Safety
A large percentage of data loss is by employees within the Organization.
Your data safety is highly dependent on you and your environment. The environment being your Friends, Government institutions and the Places/People you associate with. We all receive mobile SMS Notifications from our Banks, Insurances, and Clinics etc. But each one of us has had some other institutions contact you mainly as a marketing text or invitation.
The question is, where do these institutions collect this data? I’m talking of WomeninTech, Microsoft, KRU in my situation, to you it might be SportPesa, BetIn and other short code SMSs. Clearly we’ve all submitted our data knowingly or unknowingly to their databases.
I’m not sure if the most annoying thing is these institutions sharing our data with other third parties or their daily annoying SMSs, text or Alerts. How long and how regular do they update their databases? Say delete my contacts because I ceased being their member or customer. My 2007 Bank still sends me birthday SMSs and alerts, even after I closed the account.
Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose. Furthermore, persons or organisations which collect and manage your personal information must protect it from misuse and must respect certain rights of the data owners which are guaranteed by EU law.
Clearly this is one sector that needs a lot of regularization and deep policy review.
Allow me to highlight on another issue, this time it’s on you and me, some of us have these things called Business Cards. Basically most of us have had them printed with almost all of our personal details.
Think about this situation, His Excellency Uhuru Kenyatta gave someone his Business card, in this case with all his Personal Details, and this guy happens to have dropped it in the streets! While you think of luck, I think of Information in the wrong hands. Most of us prefer our office contacts being on our business cards.
Cellphones being stolen on the streets not only brings a loss of information but data insecurity. So please be sure you have online back-ups, phone encryptions or remote wipes for safety of yourself and colleagues.
Another option, which I highly recommend is to have a personal cellphone line; I call it a family number, and another for public use. That way you can audit your callers. Your contacts being out there, solely depends on you and your social group.
How safe are the apps and cellphone data in your phone?
This is one field that most people have become victims of data violation, most of the time not knowing. About four years ago at Westgate shopping mall, just outside Safaricom customer services. A lady comes out of the shop crying and feeling upset for not getting the necessary help from the shop’s customer services.
Well her complains were that her calls and copies of SMSs were being shared to her spouse’s cellphones and her marriage was breaking apart. To her it was the Service providers’ fault, but upon checking it was hers, well there was an installed cellphone spy on her phone. Clearly she wasn’t conversant with what apps were installed in her phone.
One other thing is never avoid linking your personal contacts with public accounts. Restrict view of personal contacts as much as possible.
Do we have enough Data Protection Laws?
Well in Kenya Data Privacy (The Data Protection) still remains wanting.
Kenya seemingly is the Hour Clock arm running after the Seconds Clock arm, when it comes to putting proper policies, regularization and laws in the ICT sector. The truth is this sector is growing so fast, people are innovating or borrowing new technologies without the proper laws to regulate them.
Mobile Banking sector is one heavily affected sector. There are a lot of Data Privacy issues affecting the sector. Millions of Money is lost through fraud, accelerated by lack of proper data privacy policies. While it’s good to note of major improvements to gap these fraudulent activities in this sector, it is still clear that a lot still needs to be done.
For instance, what banks don’t want to tell us is that there is lack of privacy brought in by Mobile Banking Agents. This is because we end up trusting Mobile Banking Agents with our Personal details and records of our Financial Transactions.
They need to work on taking away some records from their agents’ hands or better still bind their agents to a law and regular audit.
Not only are we slow in putting proper regulations in place but even introducing industrial driven ICT curriculums in our Higher Educations. We import some technologies and spend years before a curricular is introduced to generate enough skills to steer regulations in the sector.
One would think Kenya having an upper hand on M-pesa Mobile money transfer would have set up a Curriculum in the University, let alone research institution on these technologies.
Under the 2009 Science, Technology, Innovation Policy and Strategy, it is recognized that social and economic growth of any country is largely a result of the transformation of knowledge, science and technology into goods and services. Integration of ST & I in national production processes is central to the success of Government’s policy priorities and programmes as outlined under Kenya Vision 2030.
In the meantime, take time to learn about new technologies and don’t be so fast to use them before understanding their Data Privacy Policies. Plus, please consult with and IT conversant person or trust your search Engine reviews.
The power is on your hands.
The choices you have are to be wise and cautious. This is a chameleon sector, every day a new technology is on the market and the power to protect your data is handed to you, so you better know where to tick, ignore or put on pending.
There is so much power placed on you as a user. Don’t just click agree or install. Read those tedious terms, it’s a data world.
It isn’t new that social networking sites and Apps are growing fast and taking an integral active part of many lives, a large percentage of Kenyan youth population use either of the social networks, but you probably won’t be happy to know that the social media is also being used by marginal (criminal) groups in society-, Burglars, Drug peddlers, Inciting Tool etc.