Kenya: Survey reveals firms share clients' data with third parties without consent
"Kenyan firms on the spot for sharing customer data"
More than a fifth of Kenyan companies shared customers’ financial and personal information without the client’s consent in breach of data protection laws enacted two years ago. A survey by consultancy Ernst & Young shows that 41 percent of firms transferred their clients’ data to third-party service providers. More than half or 53 percent of these companies did not seek the approval of their customers before sharing the data.
This violates the law that restricts the handling and sharing of personal data firms and government entities obtain. Individuals in breach risk a maximum fine of Sh3 million or 10 years in jail, while firms risk a fine of up to Sh5 million or one percent of annual turnover. “The problem is some of the organisations have not started internalising the requirements provided by the Act. So up to now organisations have been sharing information freely and this is a violation of the Act,” said Robert Nyamu, digital, analytics and cybersecurity solutions partner at Ernst & Young.
EY surveyed several organisations, including top banks, asset managers, insurance companies, telcos, retailers and manufacturing firms...