According to the report by NTV, Safaricom, Kenya’s leading telecommunications company, has recently been fined Sh250,000 for unlawfully using a customer’s national identity (ID) card to register a SIM card without her permission.
This incident has raised serious concerns about how Safaricom handles and protects customer data, highlighting a pattern of data misuse and privacy violations by the company.
In this particular case, Safaricom transferred ownership of Catherine Murithi’s corporate phone line from her former employer to her personal ID shortly after her employment was terminated.
This action was taken without Ms. Murithi’s consent, infringing upon her right to be informed under Section 26(a) of the Data Protection Act and constituting unlawful processing of her personal data.
The Data Commissioner, Immaculate Kassait, ruled against Safaricom, emphasizing the company’s failure to directly engage with Ms. Murithi regarding the transfer of her phone line. Instead, Safaricom dealt solely with the employer, Becton Dickinson (BD), even though Ms. Murithi was no longer associated with the company.
Both Safaricom and BD were ordered to pay Sh250,000 each as compensation for the infringement of Ms. Murithi’s rights. This incident is not isolated. Safaricom has faced multiple allegations and legal actions concerning data breaches and the misuse of customer information.
In 2019, the company was embroiled in a lawsuit over an alleged breach involving the leak of data from 11.5 million customers. High-ranking Safaricom employees were accused of selling customer data on the black market, exposing a big lapse in the company’s data security measures.
Moreover, investigations have revealed that Kenyan security agencies have had almost unrestricted access to mobile phone users’ call data records and location data. This access was facilitated by a data management system embedded within Safaricom’s internal systems by a British software company, Neural Technologies. While intended for tracking suspects, this system has raised privacy and human rights concerns, as it allows real-time access to call data without adequate oversight or consent from users.
These instances underscore a troubling pattern in Safaricom’s handling of customer data.
The company’s actions suggest a disregard for the privacy and rights of its users, often prioritizing corporate or external interests over individual data protection. Such practices not only violate legal standards set by the Data Protection Act but also erode public trust in the company’s commitment to safeguarding personal information.
Leave feedback about this