Data and information protection bill needs re-design, ISACA Kenya Chapter (Information Systems Audit & Control Association)

Michael Murungi, CEO of Kenya Law Reports, Roy AKalah, 
President of ISACA Kenya Chapter                                      
and  Paul Kukubo- CEO, Kenya ICT Board address
 the media at the event

Kenyans’ data and private information collected and stored by such firms as mobile operators, internet service providers and hospitals risk continued illegal use and even trading if the proposed Data protection Act is implemented in its current form. This is according to the Kenya Chapter of the international body for professionals’ in audit and information security -ISACA.
Addressing the Constitution of Kenya Implementation Commission (CIC), the over 1,000 experts-strong ISACA Kenya expressed fears that the proposed bills did not fully cater for information freedom and data protection needs even as it became apparent that Kenyans’’ data in hospitals and mobile operators remained vulnerable to misuse by researchers, commercial bodies and other predators.
“The proposed data protection bills and freedom of information bill is a step in right direction but lacks important emphasis for oversight,” ISACA Kenya Chapter President Roy Akalah told the CIC and the Kenya ICT Board.
Some of the professionals who spoke expressed concerns that the bill was not firm to institutionalize enough data protection and regulation responsibility and proposed that a commissioner for data protection and another for freedom on information work under same regulator to “ensure the balancing of the axis  for freedom and that of protection”.
Speaking during the event, Paul Kukubo, Kenya ICT Board’s CEO said the government was keen to work with industry experts and the private sector to ensure laws responded to needs and that this led to a competitive market for investment. “We have made great strides, but this piece of regulation remains important for our industry. It is encouraging to note such professional bodies as ISACA taking aggressive roles to we have a comprehensive law.”
ISACA Kenya Chapter, says a lot of data collected by private firms was being stored either locally or overseas  and regulation was as important as oversight to ensure protection of the data owners. Data protection and privacy, has been further complicated by the business outsourcing industry which is seeing information collected  from one location processed at another.
“We are proposing certain changes to the bills in a bid to ensure that private information and data is protected at the various levels while still protecting freedom of information,” said Michal Murungi, CEO of Kenya Law Reports (KLR) who reported the body’s findings and recommendations on the new laws to the CIC and Kenya ICT Board.
ISACA Kenya’s task force was composed of legal and regulatory experts as well Information Security professionals from leading corporate bodies in Kenya who observed that similar legislations in US, South Africa, India, Malaysia and the UK differed from the one proposed on implementation framework.