Tala, Branch among 40 digital lenders flagged for personal data breaches
![Tala, Branch among 40 digital lenders flagged for personal data breaches Tala, Branch among 40 digital lenders flagged for personal data breaches](https://citizentv.obs.af-south-1.myhuaweicloud.com/65851/conversions/kk-og_image.webp)
Tala
and Branch have been listed among 40 Digital Credit Providers (DCPs) over
suspected personal data breaches by the Office of the Data Protection Commission
(ODPC).
A
data breach exposes confidential, sensitive, or protected information to unauthorized
persons. Files in a data breach can also be viewed or shared without
permission.
The
40 digital lenders are set to undergo a preliminary documentary assessment
after complaints were raised by members of public over the processing of
personal data.
By
September 30, 2022, the ODPC says it had received 1,030 complaints and admitted
555 of the complaints, half of which or 54 per cent relate to digital credit
providers.
Other
DCPs under audit for the data breaches include Zenka Digital, Zuri Cash,
Premier Credit, Credit Moja and Hela Credit, Apesa, AsapKash, Cash, Cash Sea, CollectPlus,
Coopesa, Credit Kes, Credit Moja, Deltech Capital Limited, and Direct Cash.
Also
listed were FairKash, FlashPesa, Flexi Cash, Hela Credit, Hikash, iKash, Connect,
InstarCash, iPesa, Kash Loan, KashBean, KashPlus, Kashway, KesLoan, Lemon Kash,
LionCash, M-Credit.
The
rest are: Premier Credit Ltd, Rocket Pesa, Senti, SkyPesa, Zash Loan, Zenka
Digital Limited, Zuri Cash, PapCash, Pocket Cash, MetaLoan, and MoKash.
The
DCPs will be required to provide the Data Commissioner Office with requisite
documents by October 18, 2022, failure to which they will be deemed as
unwilling to cooperate with the office.
The
ODCP likewise issued an enforcement notice against Aga Khan University Hospital
following an alleged breach of Kenya's Data Protection Laws.
"A
complaint was raised by a patient to the Data Commissioner that after visiting
the Hospital, a staff later inappropriately contacted the complainant contrary
to Sections 25, 41 and 46 of the Data Protection Act, 2019," said ODPC.
"In
exercise of the Powers of the ODPC, the Data Commissioner directed the Hospital
to outline specific measures it will take to mitigate or eliminate the breach/
contravention and to rectify and/or put in place structures within which the
measures shall be implemented within 30 days."
The
audit of the DCPs comes even as the credit providers fall under the regulation
of the Central Bank of Kenya (CBK), which also prescribed tough rules against
personal data breaches.
On September 19, the CBK indicated it had licensed 10 DCPs and was further reviewing 278 applications.
Want to send us a story? SMS to 25170 or WhatsApp 0743570000 or Submit on Citizen Digital or email wananchi@royalmedia.co.ke
Comments
No comments yet.
Leave a Comment