The Office of the Data Protection Commissioner (ODPC) has issued a penalty notice against two companies, digital credit provider, Whitepath Company and city co-working space provider Regus Kenya. The companies have been fined Ksh. 5 million each for contravening data protection laws.
The data regulator said the companies accessed mobile phone contacts and sent unwarranted and unsolicited text messages to some users. The regulator reported it had received more than 150 complaints from the public lodged against the two companies.
In a statement, ODPC the companies failed to respond to notices sent to them over the same allegations.
“Additionally, the WhitePath Company staff have been harassing the complainants and their contacts irregularly obtained from their phone books. On the hand, the complaint against Regus alleged frequent spamming of automated improper information to the complainants despite attempts to make the respondent to stop,” a statement by the ODCP said.
Kenya introduced the Digital Credit Providers (DCP) regulations last year, in response to numerous complaints about the misuse of data by digital lenders. Since the Central Bank of Kenya(CBK) started issuing licenses to DCPs, only a handful have been licensed with WhitePath missing from the list.
Data Commissioner Immaculate Kassait said, “ Data protection is the responsibility of every data controller and processor and it must be the company’s top priority when they collect, process, or store personal information.
The commissioner further challenged businesses to protect personal data by all means possible and cooperate with the ODPC to avoid penalties.