• Data Protection (General) Regulations expected to help apply the Data Protection Act which came into force in 2019.
• The 14-member task force will be chaired by Data Commissioner Immaculate Kassait.
Image: COURTESY
The government has begun an audit of data protection laws for their application in the management of personal and public information.
ICT Cabinet Secretary Joe Mucheru has appointed a task force to under a review of the said laws and to report to the ministry in six months.
The 14-member task force will be chaired by Data Commissioner Immaculate Kassait.
Members are; Humphrey Njogu, Daniel Obam, Christopher Maina, Duncan Nyale, Marion Muriithi, Miriam Kakenya, Thuranira Gatuyu, Damaris Mukala, Rose Musero, Victor Nzomo, and Augustus Munywoki.
Rahab Juma and Brenda Gabantu were named as joint secretaries.
Mucheru outlined that the team would undertake a comprehensive audit of the Data Protection Act, 2019 – a law which protects the personal information of individuals.
They will be required to identify any gaps or inconsistencies in the law and the Data Protection Policy and propose specific review requirements.
The task force’s other mandate would be to propose any new policy, legal and institutional framework that may be required to implement the data law.
They are also set to develop the Data Protection (General) Regulations and train stakeholders and the public on the said regulations.
Other terms are to undertake public consultation the regulations and any other activities required for the effective discharge of the task force’s mandate.
The Act provides for the regulation of the processing of personal data, rights of data subjects and what is required of data controllers and processors.
In the law, no person - established in or outside Kenya - shall act as a data controller or processor unless registered with the Commissioner.
It will be so as long as they process data while in the country and of subjects that are residents.
Kassait’s task force will also come up with regulations to guide data protection and storage.
The law provides for the protection of sensitive data on race, health status, ethnic social origin, belief, genetic makeup, property details, sexual orientation, marital status, and family details – names of children, parents, and spouses.
There are provisions applying to the collection, storage, and processing of such data as well as the transfer of personal data to another country.
For the latter, there must be proof by the commissioner on the safeguards to ensure security and protection of personal data.
The Act under audit gives the commissioner power to investigate data breaches and sets a fine of up to Sh5 million for persons who breach data laws.