Forty Digital Credit Providers (DCPs) are facing sanctions over complaints of the breach of their customers’ personal data.
This comes after the Office of the Data Protection Commission (ODPC) issued a statement on Wednesday notifying the public that it is conducting a preliminary assessment and audit on DCPs over the same.
“The Office of the Data Protection Commission (ODPC) wishes to notify the public that it is conducting preliminary documentary assessment and audit on 40 Digital Credit Providers (DCPs) whose practices regarding the processing of personal data has been raised to the Data Commissioner as complaints by various members of the public,” the statement read.
According to ODCP, they have received 299 complaints related to the digital lenders, which represent 54 per cent of the 555 cases the office admitted out of the 1030 complaints raised.
“As of 30 September 2022, ODPC had received 1,030 complaints, the office admitted 555 of these cases including 299 which were on Digital Lenders, representing 54 per cent of all cases admitted,” the ODPC said.
“The Data Protection (Complaints Handling and Enforcement Procedures) regulations, 2021 took effect on February 2022 paving way for data subjects to file complaints and report data breaches to the Data Commissioner.”
During the audit process, the aforementioned DCPS will be required to provide this Office with requisite documents by October 18, 2022 failure to which they will be deemed to have failed to cooperate with the Office which is an offence under Section 61 of the Act.
ODPC has also issued an enforcement notice against Aga Khan University Hospital following a breach of Kenya's Data Protection Laws.
According to the statement a complaint a patient lodged a complaint to the Data Commissioner that after visiting the Hospital and a staff later inappropriately contacted the complainant contrary to Sections 25, 41 and 46 of the Data Protection Act, 2019.
In exercise of the Powers of the ODPC, the Data Commissioner directed the Hospital to outline specific measures it will take to mitigate or eliminate the breach/ contravention and to rectify and/or put in place structures within which the measures shall be implemented within 30 days.
ODPC also cautioned that the breach of personal data attracts a hefty fine, jail time or both should one be found culpable.
“Pursuant to Section 58(3) of the Data Protection Act, 2019, any person who, without reasonable excuse, fails to comply with an enforcement notice commits an offence and is liable on conviction to a fine not exceeding five million shillings or to imprisonment for a term not exceeding two years, or to both,”
Data Commissioner Immaculate Kassait MBS reiterated ODPC's commitment to protect personal data and enforce compliance in the event of a breach of the laws.
"This is just one among many other complaints being investigated by the office. We want to assure the public that the complaints received will be investigated and concluded accordingly. All aggrieved members of the public are encouraged to continue sending their complaints via https://www.odpc.go.ke/file-a-complaint/,” she said.
Below are the names of the digital credit providers facing sanctions:
1. APESA/Zerox Technology Company Ltd
2. ASAPKASH/Joyot Technology limited
5. CASH SEA
8. CREDIT KES
9. CREDIT MOJA
10. Deltech Capital Limited/Mykes loan
11. DIRECT CASH
14. Flexi Cash
15. Hela Credit
17. IKASH Connect
20. KASH LOAN
25. LEMON KASH
26. LIONCASH/GROLA TECH LTD
31. POCKET CASH
32. PREMIER CREDIT LTD
33. ROCKET PESA
37. WAKANDA CREDIT/KASHWAY
38. Zash loan
39. Zenka Digital Limited
40. Zuri Cas