CYBER SECURITY

Kenya taps UK firm to guide employers on data protection

UK-based consulting firm Johan ICT in Kenya to help companies in data protection compliance.

In Summary

•Companies with an annual turnover of above Sh5 million and have at least 10 employees have been given up to July 14 to comply with data registration requirements or face penalties. 

•ICT cabinet secretary Joe Mucheru on Tuesday launched the UK-based consulting firm Johan ICT in Kenya to help companies in data protection compliance.

Cabinet Secretary for ICT Joe Mucheru.
Cabinet Secretary for ICT Joe Mucheru.
Image: FILE

As the deadline for data registration looms, ICT ministry has sought external consultancy to help companies protect employees private information.

ICT cabinet secretary Joe Mucheru on Tuesday unveiled a UK-based consulting firm Johan ICT to help companies in data protection compliance.

Commonly breached personal identification information via workplaces include individual's home address, bank account details, health record, email, insurance information as well as passport details.

The firm is seeking clientele across key industry sectors including financial services, manufacturing, insurance, healthcare, retail, media and government.

Johan ICT, managing consultant Akin Oyegoke said the platform will offer integrated audit and compliance implementation services.

This, he said, will guide organisations to align their business processes with the provisions of the Kenya Data Protection Act .

Companies with an annual turnover of above Sh5 million and have at least 10 employees have been given up to July 14 to comply with data registration requirements or face penalties. 

"Any organisation that wants to work effectively needs to ensure the safety of their information by implementing a data protection framework which ensures that sensitive data is only accessible to approved parties,"  Oyegoke said.

She added that governments, organisations and individuals increasingly generate, collect and process personal data making it imperative that customers’ data is safeguarded by implementing a strong data security.

Data Commissioner Immaculate Kassait said there is increased appetite for data protection by companies in Kenya.

In the last two years, Kenya has seen increased use of  digital services.

After the outbreak of Covid-19 pandemic many businesses and individuals across the world opted for virtual business transactions making them vulnerable to operation risks.

During the same period, there was a jump in the use of social media as Kenyans adopted more digitised forms of entertainment and business.

While these changes accelerated Kenya’s digital transformation, they  also increased vulnerability online, with cyber criminals leveraging on these shifts to exploit loopholes in these tools and platforms.

Consequently, there was a surge in phishing attacks, data breaches,fake news, ransomware, impersonation, false publications, incitement, online fraud, cyber bullying and harassment.

Data from Communications Authority of Kenya (CAK) shows the number of cyber threats more than doubled between July 2021 to May.

The Authority reported an all time high of 359.2 million threats, a 133 per cent increase from 154.4 million recorded in FY2020-21 and 110.9 in 2019.

The growing threat was attributed to increase in users accessing the internet, creating a larger pool of targets for online criminals.

According to the Economic Survey 2022 by the National Bureau of Statistics, healthcare systems, utility providers and public infrastructure were most targeted by cyber criminals last year.

Insurance firms, schools, government organisations and financial institutions were also on the radar of hacktivists.