The Office of the Data Protection Commission (ODPC) is currently auditing 40 digital credit providers (DCPs) following claims of data privacy breaches raised by members of the public.
A data breach exposes confidential, sensitive, or protected information to unauthorized persons. Files in a data breach can also be viewed or shared without permission.
The digital lenders in question are: Apesa, Asapkash, Branch, Cash, Cash Sea, Collectplus, Coopesa, Credit Ksh, Credit Moja, Deltech Capital Limited, Direct Cash, Fairkash, Flashpesa, Flexi Cash, Hela Credit, Hikash, Ikash Connect, Instarcash, Ipesa and Kash Loan.
Kashbean, Kashplus, Kashway, Kesloan, Lemon Kash, Lioncash, M-credit, Metaloan, Mokash, Papcash, Pocket Cash, Premier Credit Ltd, Rocket Pesa, Senti, Skypesa, Tala, Kashway, Zash Loan, Zenka Digital Limited and Zuri Cash were also featured on the list.
“This is just one among many other complaints being investigated by the office. We want to assure the public that the complaints received will be investigated and concluded accordingly. All aggrieved members of the public are encouraged to continue sending their complaints via https://www.odoc.go.ke/file-a-complaint/,” Data Commissioner Immaculate Kassait said in an ODPC statement sent out to newsrooms on Wednesday.
In the statement, the ODPC noted that it had received 1,030 data breach complaints raised by concerned citizens, with regard to the aforesaid DCPs, as at September 30, 2022.
“The office admitted 555 of these cases including 299 which were on Digital Lenders, representing 54 percent of all cases admitted,” reads the statement seen by Citizen Digital.
According to the ODPC, the digital lenders will be required to provide the body with the requisite documents by October 18, 2022, failing which they will be deemed to have failed to cooperate with the Office.
The ODPC likewise issued an enforcement notice against Aga Khan University Hospital following an alleged breach of Kenya’s Data Protection Laws.
“A complaint was raised by a patient to the Data Commissioner that after visiting the Hospital, a staff later inappropriately contacted the complainant contrary to Sections 25, 41 and 46 of the Data Protection Act, 2019,” said ODPC.
“In exercise of the Powers of the ODPC, the Data Commissioner directed the Hospital to outline specific measures it will take to mitigate or eliminate the breach/ contravention and to rectify and/or put in place structures within which the measures shall be implemented within 30 days.”
Established in November 2022, the Office of the Data Protection Commission (ODPC) is a State corporation whose key mandate is to regulate the processing of personal data, protect the privacy of individuals and provide data subjects with rights and remedies to protect their personal data.