Follow

Safaricom reported to watchdog over alleged failure to protect data

By Lewis Njoka
Thursday, February 11th, 2021
A view of the Safaricom headquarters in Westlands, Nairobi. Photo/PD/FILE
In summary

PRIVACY: A subscriber has written to the Data Commissioner accusing Safaricom of failing to protect customer data as required by the law. 

In a letter dated February 5, Adrian Kamotho Njenga, said the giant telco had failed to protect subscriber data resulting in privacy breach affecting millions of subscribers.

“From all available evidence and in all pleadings lodged in court by Safaricom and other duelling parties, it is outwardly visible that confidentiality, privacy and security of subscriber data lawfully entrusted to Safaricom Plc remains in perpetual breach,” the letter says in part.

The letter to Data Commissioner Immaculate Kassait is dated February 4, 2021 and signed by Adrian Kamotho Njenga and Company Advocates.

Personal data

“Personal data of millions of Safaricom Plc subscribers has been variously transferred from Safaricom servers to publicly accessible Google drive repositories as well as other devices outside Safaricom’s control and continues to date to be unlawfully exposed,” the firm says.

It said data which is no longer under the control and custody of Safaricom continues to be randomly shared and offered for sale contrary to the telco’s contractual and statutory duty to keep the data confidential.

According to the subscriber, Safaricom is yet to comply with the constitutional and statutory requirements relating to data provision and privacy despite persistent breaches.

The law firm wants the data officer to use the powers of her office to address the allegations made.

“In light of the foregoing information, our client hereby approaches your good office for reprieve.

Without doubt, the tools needed to secure the rights of our client are truly in your hands,” it says.

The law firm says that Clause 4 of the M-Pesa Customer Terms and conditions unequivocally binds Safaricom to protect the privacy of all information provided by users of M-Pesa.

According to a 2020 report by the Communications Authority of Kenya, Safaricom has 35.6 million subscribers, the highest in Kenya among telcos.

Failure to protect such amount of data could have serious ramifications for both the subscribers and the telco giant including identity theft and other cybercrimes.

Data protection has become a major issue in the recent past with social media giant, Facebook, facing global backlash over its WhatsApp data policies which are deemed by many to offer inadequate protection for subscriber data.– Lewis Njoka