The Public Service Commission (PSC) has shortlisted 12 candidates for interviews for the position of Data Protection Commissioner.
The Commission received 126 applicants following an advert that was placed in the print media and on its website on 18th August 2020.
The advertisement period ended on 8th September, 2020 with the Commission now inviting the public to participate in the interviews by submitting their comments on any of the candidates.
These interviews are scheduled to take place between Monday 21st September 2020 and Tuesday 22nd September 2020 at the Commission’s offices located at Harambee Avenue, Nairobi.
The public is invited to avail any credible information of interest relating to any of the shortlisted candidates, through sworn affidavits, to the Commission’s offices or online on or before 21st September 2020.
The Office of the Data Protection Commissioner is an office established by section 5 (i) of the Data Protection Act, 2019.
It is designated as a State Office in accordance with Article 260 (q) of the Constitution.
The Functions of the Office of the Data Commissioner are provided for in Section 8(1) of the Data Protection Act.
The holder will also be responsible for establishing and maintaining a register of data controllers and data processors while exercising oversight on data processing operations and verify whether the processing of data is done in accordance with this Act.
Other functions of the Data Commissioner include promoting self-regulation among data controllers and data processors, conducting an assessment to ascertain whether information is processed according to the provisions of the Act or any other relevant law.
The officer will also be receiving and investigating any complaint by any person on infringements of the rights under the Act.
The office will also be carrying out inspections of public and private entities to evaluate the processing of personal data.
The Data Protection Act of 2019, which was assented to by President Uhuru Kenyatta on 8th November 2019, gives the Commissioner sweeping powers on investigation of data breaches.
These include powers of entry and search and issuing administrative fines.
Where personal data has been accessed or acquired by an unauthorised person, and there is a real risk of harm to the owner of this data, a data controller is required to notify the Commissioner.
This authorised access or breach should be reported to the data commissioner within 72 hours of such an incident occurring.
Offences under the Act attract a fine of up to KSh 5 Million and or a term of imprisonment of up to 10 years.
With data usage and transmission on the rise, fuelled by more internet penetration and increased use of social media platforms, experts point out the need to ensure personal data is protected, processed and used for the correct purpose.
Kenyans are consuming more data today than ever before, owing to an increased uptake of smartphones, improved internet penetration and competitive data bundle prices.
In doing so, Kenyans are also generating and sharing more data about themselves than was possible before.
The consequences of leaking this personal information to an unauthorised platform or party constitute a serious breach to the privacy of personal information.
Figures from the Identity Theft Resource Centre in the US indicate that in 2019, this advanced tech market recorded 1,473 instances of data breaches, exposing about 164 million sensitive records.