Churches, landlords, learning institutions and security companies who use closed Circuit Television Cameras (CCTV) will be required to protect personal data captured in the devices. The regulations drafted by Kenya’s Data Commissioner Immaculate Kassait mimics EU’s data protection laws which seek to impose penalties on institutions that mishandle personal data.
This comes amid an increase in the adoption of CCTV cameras in homes and businesses in a move to boost security.
The regulations also require political campaigners, banks, gaming and betting companies, credit reference bureaus and taxi-hailing apps to obtain mandatory data controllers’ or processors’ certification before accessing personal information.
Data processors will be required to pay a Sh250,000 certification fee while business will be charged an annual renewable fee of Sh1,000 to Sh20,000 depending on the number of employees, turnover and the risk of exposure of personal information.
The Data Protection Act requires all processors to handle personal information lawfully, fairly and in a transparent manner. The data handlers will also be required to inform clients on the use of their data and correct or delete any false representations about them.
Sensitive data such as health status, marital status, sexual orientation, ethnicity, biometric data and names of children are also guaranteed special safeguard in the Act.
Additionally, the transfer of personal data out of Kenya is prohibited unless the data processors obtain express permission and prove that the information will be protected against misuse.