Editorial: Kenya's data protection agency must punish firms violating client's privacy
"Data protection office must punish violators"
Reports that companies are selling clients’ data without their consent is unacceptable and an invasion of privacy that should be nipped in the bud. More than a fifth of Kenyan companies shared customers’ financial and personal information in breach of data protection laws enacted two years ago.
A survey by consultancy Ernst & Young shows that 41 percent of firms transferred their clients’ data to third-party service providers. This violates the law that restricts the handling and sharing of personal data firms and government entities obtain. Office of the Data Protection Commissioner (ODPC) should investigate the breaches highlighted in the report and fine companies that are not following the law.