Is your Covid-19 data safe and confidential?

Public input invited on Guidance Note on Personal Data Protection on Covid-19 responses

In Summary

• The Data Protection Act, 2019 regulates processing of personal data, provides for the rights of data subjects and obligations of data controllers and processors.

• A draft guidance note concerns information about Covid-19 nd public input is sought about protection of privacy while using information for research and improved response.

ICT Cabinet Secretary Joe Mucheru.
CYBER HYGIENE: ICT Cabinet Secretary Joe Mucheru.

Kenyans have been asked to give their opinions on draft guidelines on access to personal data involving the Covid-19 pandemic.

Privacy concerns are central.

The government has called for public participation through a notice published on Tuesday on draft guidelines.

“The Office of Data Protection through the Covid-19 ICT Advisory Committee has developed the Guidance Note on Personal Data Protection on Covid-19 responses, and hereby invites all stakeholders to submit inputs and comments by downloading the Draft Guidelines,” the notice reads.

The expectation is that after stakeholders' consultation the public and private sector will have policy guidelines on processing personal data of individuals for information on responses and research on the pandemic

The notice said this will include data requests by innovators and researchers to give effect to the right to privacy and protection of personal information.  

“Members of the public and private organisations are invited to submit substantive comments with specific proposals for amendments to the Draft Strategy within 24 working days from the date of the advert," it said.

The Data Protection Act, 2019 was assented to in November 2019 to provide for the regulation of processing of personal data, provide for the rights of data subjects and obligations of data controllers and processors.

The note makes it Covid-specific. 

The Act established the Office of the Data Protection Commissioner to oversee the implementation and be responsible for enforcement.

It is also mandated to maintain a register of data controllers including at the request of a data subject, and verify whether the processing of data is done in accordance with this Act.

“The office also carries out inspections of public and private entities with a view to evaluating the processing of personal data, promotes international cooperation in matters relating to data protection and ensures country's compliance on data protection obligations under international conventions and agreements,” the Act reads.

The aim is to ensure there is no significant risk or adverse effect on the privacy of individuals.

(Edited by V. Graham)