From left: Equity Group head of data governance Patrick Kariuki, Absa Kenya chief data officer Hartnell Ndungi, Data Protection commissioner Immaculate Kassait, KCB head, information risk Wycliffe Momanyi and EY associate director, cybersecurity, privacy and trusted technology, Anthony Muiyuro during the launch of the EY Data Protection and Privacy Report July 22, 2021. PHOTO | DIANA NGILA NMG | NMG
More than a fifth of Kenyan companies shared customers’ financial and personal information without the client’s consent in breach of data protection laws enacted two years ago.
A survey by consultancy Ernst & Young shows that 41 percent of firms transferred their clients’ data to third-party service providers.
More than half or 53 percent of these companies did not seek the approval of their customers before sharing the data.
This violates the law that restricts the handling and sharing of personal data firms and government entities obtain.
Individuals in breach risk a maximum fine of Ksh3 million ($27,726) or 10 years in jail, while firms risk a fine of up to Ksh5 million ($46,210) or one percent of annual turnover.