In the fast-evolving landscape of technological advancements, where information is the new currency, Heads of Departments find themselves at the forefront of a crucial responsibility – enhancing data protection. The call to action was resounded during an awareness sensitization program in Eldoret, Uasin Gishu, led by Katumbi Mailu, the North Rift Regional Head of the Office of the Data Protection Commissioner (ODPC).
Mailu emphasized the collective nature of ensuring data safety, highlighting that every individual plays a vital role in protecting sensitive information. A clear desk policy, she advocated, should be embraced to limit access to authorized personnel only, preventing unauthorized individuals from compromising crucial data.
Data protection, as Mailu pointed out, is not merely a local concern but a global imperative. In an era where information knows no boundaries, having updated, collected, and protected data is paramount. The legal foundation for this endeavor lies in the Data Protection Act (DPA) of 2019, which draws its authority from Article 31(c) and (d) of the Constitution of Kenya 2010, affirming the right to privacy.
The six principles of data protection, namely lawfulness, fairness and transparency, integrity and confidentiality, purpose limitation, data minimization, storage limitation, accuracy, and accountability, were underscored as essential guidelines for departmental heads to adopt.
Mailu delved into the lawful basis for processing personal data, which includes obtaining consent, performance contracts, legal obligations, vital interests of the data subject, public interest, and authority. In doing so, she provided a comprehensive framework that ensures the ethical and legal handling of sensitive information.
Highlighting ODPC’s milestones, Mailu showcased the implementation of the DPA, office automation through Content Management System (CMS) and Enterprise Resource Planning (ERP) systems, and the maintenance of an updated register of data controllers and processors. These advancements are pivotal in creating a robust system for data protection.
The Principal Data Protection Officer emphasized that personal data collection and processing touch upon various government priorities, such as agriculture, health, housing, the digital superhighway, and MSMEs. The cross-cutting nature of this issue demands a meticulous approach to safeguarding and utilizing information for its intended purposes.