class="container container-header"

Data Security Today

24 August 2021

3 minute read

Data Security Today
Technology has so strongly been synced to our everyday lives and as a result, data security is both personal and a corporate consideration. Personal computer and mobile phone users are faced with concerns on the accessibility of their devices and the data contained in the same way that businesses are concerned with customer data. As technology is primarily intended to makes things easier and more efficient, it also comes with the increased concerns, including cyberattacks and cybercrime, with the potential harm that may arise being almost limitless. Consequently, data security seems to be an ever-growing issue in the modern era. What risks? On a personal level, the security of our data is ever at risk by virtue of being users of different digital products and platforms. Most, if not all persons, have received notifications of unauthorized attempts to access email and social media accounts. This has led to increased awareness on security measures including the use of encrypted communication as well as setting of password requirements by various sites. Likewise, commercial users and enterprises are constantly facing the risks of data breaches, hacking and data leaks due to the level of customer data and information they hold. An example of this is the alleged hacking of the National Identification Information Management System (NIIMS), which was being criticized for among other reasons, an inability to ensure that data is secure. Similar incidences have affected other institutions such as banks, amongst others globally. On a more global scale, major tech players are being accused of automating permissions that allow all manner of data collection, not only from browser history but also from voice recognition aspects in the software, with reports of many having conversations only for the items they mention to appear as advertisements targeted at them. Data Protection and Security? In Kenya, the main legislation relating to this is the Data Protection Act, 2019 No.24 of 2019, which imposes various requirements in relation to the protection of one’s personal data. Such obligations are placed on the holder of the data, specifically to ensure that appropriate safeguards are put in place when handling personal data. This Act, with the explicit use of the phrase “security” makes it a key consideration governing data processing and transfer of personal data outside Kenya among other instances and further mentions “encryption” as a means of ensuring data protection and security. Although the term ‘appropriate safeguards’ has not been defined, it similarly has not, to our knowledge, been subjected to judicial interpretation in Kenyan courts being a new legislation. As such, we may seek guidance from the General Data Protection Guidelines of the EU, from which our data protection legislation was heavily borrowed from and which expressly outlines what amounts to appropriate safeguards that may be provided “without requiring specific authorisation from a supervisory authority” under Article 46 (2). There are also other personal measures taken to ensure the safeguarding of our data in everyday usage of our devices. To start with, one should at least read through the terms and conditions as well as privacy policy for various platforms before accepting and using their services. This is because some service providers take advantage of the fact that most persons do not take the time to read through them and include provisions that may not be ideal to the user, including terms that allow them to use your data for additional purposes other than to provide their services. Recent research has shown that by blindly consenting to such terms, we may be consenting to giving our data to third parties, and in some instances, accepting serious risks relating to our cyber security. Given the increasing digitization of businesses, there exists a need for a more proactive approach to data security. Businesses should take early and anticipatory steps towards embedding the principles of data protection and cyber security in their internal infrastructures, as well as within the legal relations with other service providers and consumers.

Related blogs & news

What you need to know about the Data Protection Act, 2019

For a long time, Kenya has lacked a comprehensive personal data protection legislation which has been quite necessary in this age of digital use and access. This has exposed citizens to the risk of their personal data being misused. ...

The Data Protection Act: A Series

The Data Protection Act, No. 24 of 2019 (the DPA) was enacted into law on 11 November 2019 through Gazette Supplement Number 181. The provisions of the DPA gives life to Article 31 (c) and (d) of the Constitution of Kenya which guarantees the right to privacy including the right of a person not to have information relating to their family or private affairs unnecessarily required or revealed and the right not to have the privacy of their communications infringed....

Data Subject - What you need to know

The Data Protection Act, No. 24 of 2019 (the DPA), introduced various concepts and principles aimed at bringing to life the right to privacy enshrined under our Constitution. ...

Notification of Data Breach

One of the distinct changes made to the way we handle and perceive personal data relates to responding to a breach of personal data....

Data Protection in M&A What You Need to Know

Any context requiring or necessitating the use of personal data requires taking steps to comply with the Data Protection Act, 2019 (the Act), including where personal data is to be shared or processed within a transactional context. ...


section separator logo

Let us take it from here.

+254 716 209673

law@cmadvocates.com

Skip to contentHomeAbout UsInsightsServicesContactAccessibility