Editorials

EDITORIAL: Personal records law a step in right direction

data

The proposed law on protection of personal information gathered by private firms and government agencies is timely.

In this digital era, data is becoming ever more critical in provision of various services. Many companies, therefore, harvest tonnes of information from their clients in a bid to better understand their specific needs.

There is nothing wrong with collection of private data. In fact, sound data is indispensable in efforts to render quality and tailor-made services. However, there have been cases of widespread misuse of such personal data in the recent past, revealing a crying need for regulation.

Various companies, in Kenya and globally, have been accused of selling private information to third parties without the consent of the owners of the data. This is a serious breach of the right to privacy as guaranteed by the Constitution.

The tragedy is that those aggrieved had no recourse for lack of clear legislation. It is, therefore, a huge relief for Kenyans that the Data Protection Bill 2018 is now in the works.

The Bill, which is long overdue, gives people the right to decide how their data will be used by companies and organisations that collect them. Under the new law, people will also clearly know the purpose for which a data is stored. Those who flout the law will be liable for a five-year jail term or fine of up to Sh5 million.

This is certainly an important step in preserving the sanctity of private data. Companies will now stop treating data in their possession as if it is their own property that they can use whichever way they like. They will henceforth be careful lest they suffer the consequences stated in the proposed law.

There is, however, a few additions that are needed to make this law as watertight as possible.

For instance, the onus of protecting private data should not be on the employees alone.

Companies should also be held responsible and made to pay the price if found to have failed to institute proper measures to protect data in their custody. The Bill also does not stipulate a remedy for those whose data has been misused.

As the culprits are penalised, it would be wise to incorporate some form of damages compensation to the victims.