Heads of Departments Urged to Be Key Drivers of Data Protection

Uasin Gishu

Monday December 18, 2023,

KNA By Ekuwam Sylvester

Heads of department have been urged to play a crucial role in enhancing data protection at all their work environments across various Ministries, Departments and Agencies (MDAs) of the government.

Speaking during the awareness sensitisation programme in Eldoret, Uasin Gishu, North Rift Regional Head, Office of the Data Protection Commissioner (ODPC) Katumbi Mailu pointed out that ensuring data safety is a collective responsibility of everybody.

“You should not leave your data and documents on the table where unauthorized people can access, we need to embrace clear desk policy where your data is only accessible to you and any other authorized person,” she noted.

Ms Mailu who is a Data Protection Principal Officer further noted that data protection is a global issue currently adding that it is important to have updated, collected and protected data.

The Regional Head said that the ODPC derives its mandate from the Data Protection Act (DPA), 2019 whose enactment gives effect to Article 31 (c) and (d) of the Constitution of Kenya 2010 which states that every person has the right to privacy, which includes the right not to have (c) information relating to their family or private affairs unnecessarily required or revealed; or (d) the privacy of their communications infringed.

She explained that The DPA provides a framework for the right to privacy as it applies personal data, this includes the principles of data protection, right of the data subjects, lawful basis of processing data, obligation of data controllers and processors, data localisation, transfer, Data Protection Impact Assessment and others.

Ms Mailu urged the departmental heads to embrace the six principles of data protection which include lawfulness, fairness and transparency, integrity and confidentiality, purpose limitation, data minimisation, storage limitation and accuracy and accountability.

She hinted on the lawful basis of processing personal data which involves seeking consent from the subject, having performance contracts, legal obligation, vital interest of the data subject, public interest and authority among others.

The Principal Data Protection Officer mentioned that the ODPC has achieved great milestones in ensuring the safety of data which include 4 sets of DPA which are in force currently, office automation with Content Management System (CMS) and Enterprise Resource Planning (ERP) systems, establishing and maintaining an up to date register of data controllers and data processors among others.

She further said that collecting and processing of personal data touches on all government priority agenda like agriculture, health, housing, digital superhighway, MSMEs and others.

“Collection and processing of personal data is a cross-cutting issue like registration of farmers, access to medical care, acquisition of property and e-commerce. How then, is this information safeguarded and used for the intended purposes? Questioned Madam Mailu.

She called on all stakeholders handling personal data to appreciate and embark on compliance of the regulations under DPA, 2019.

“Adopt practices that take into account principles, rights of data subjects and safeguards under DPA, 2019 and at the same time, undertake Data Impact Assessments, document any data breach and mitigation taken as you collaborate with the ODPC,” she added.

Courtesy; KNA