BY VICTOR ADAR
There are a million and one cases where corporate companies, individuals or political parties would send unsolicited information to a particular target group. In fact, it is a common phenomenon to be met with messages like, “don’t miss out on the next promotion”, “this week it is bigger and better”, “sign up by mid-night and we will reward you”, or “please reply with one to vote for xyz”.
Peoples’ personal details have always landed in wrong hands. Will the pressing issue of data safety ever be solved? What’s the impact of the data you are collecting? Is data police the cure we are looking for?
It is that moment when misuse of data will be a thing of the past. The data commissioner, Immaculate Kassait, is ready to bring back the fire that has been lost due to data collection gaps. She has built a commission from scratch but lack of strong financial muscle means that help comes from other ministries.
Ms Kassait oozes energy and is passionate about data privacy and has put in place measures, which are expected to translate into success. Focused and determined, the first ever data commissioner says that Data Protection Act 2019 clearly provides a framework for which organisations can rely on as far as collection and processing of individual’s personal information is concerned. It spells out practical procedures that companies ought to follow when obtaining an individual’s data.
“Never underestimate the power of data,” she says. “We have developed a guideline on data impact assessment which is a key on data controllers… data controllers are anybody who processes personal data. So the data protection Act is based on what we call a data risk assessment that before you embark on any project that has to do with personal data you are supposed to undertake a data impact assessment or even as you proceed basically to access the impact of the data you are collecting on your subjects.”
The office of the data commissioner is timely and best bet for the country especially now that digital channels are quickly becoming the preferred platforms that most businesses and private entities use for data collection.
Before she was appointed a data commissioner, she was responsible for voter education and partnerships at the Independent Electoral and Boundaries Commission (IEBC). It is also important to note that Ms Kassait who holds a Bachelors Degree in law from Makerere University also cut her teeth as a business administrator thanks to a Masters from the United States International University Africa.
In February this year, her office launched 100 days status report that tilted focus on personal data. She was able to share two guidelines, one manual and a service charter, products that her office was able to develop within 100 days.
Since the bulk of Kenyans are still not aware of their rights to privacy, hers was to not only share the commission’s vision for the current year but also give assurance that she is in control of data submitted to both the private and public entities.
“We are in the process of developing regulations… We now have regulation draft being worked on… We are proud of us having draft staff management, and having an operational plan that outline six months to one year of what we are able to do,” she said.
The success she has achieved so far is as a result of the tremendous support that the commission has received from other ministries especially the Ministry of Information and Communications in terms of policies as well as standard operating procedures.
“When it comes to data protection players whether big or small, as long as they are dealing with data, there is need for them to comply… Our priorities are awareness creation, putting in place structures, having personnel who even if we have any complaints they are able to investigate, and are able to do inspection. Our priorities are structure, operationalization and unpacking issues around recruitment and human resources,” said Ms Kassait, adding that this is a journey that will take a while.