Weekly Brief: Retention of ID cards by private security guards and the risks it poses

Dear Listers,

The J*owie Irungu and Jackie Maribe case concluded Friday.* Jowie was found
guilty as charged in the murder of Monica Kimani, while Maribe was
acquitted. The most interesting thing from the case, as revealed by Justice
Grace Nzioka, is that the deceased’s ID was stolen at Maribe’s apartment
security point, where private security guards are likely to have retained
ID copies or scanned information. This stolen ID was then used to access
Monica’s apartment building, highlighting the potential consequences of
such practices.

Cherie Oyier – Program Officer for Women Digital Rights, KICTANet, says it
raised issues on:

– *Lack of data minimization and storage limitation*
– *Inadequate training of security personnel on data protection:*
– *Absence of data protection policies in private security companies*

The judgement came after our Webinar *on Privacy Perspectives: Surveillance
of AirBnBs and Operationalization of Section 48 of the Private Security
Regulation Act.* Our guests, Dr Laibuta Mugambi, Cherie Oyier and Grace
Mutung’u, shared their perspectives:

– *The legality of the directive:* Dr Laibuta argued that the directive
requiring surveillance of AirBnBs by private security companies is illegal
because it was issued without the necessary regulations and violates the
Data Protection Act.
– *Need for regulations:* All three speakers agreed that regulations are
needed under Section 48 of the Private Security Regulation Act to provide a
legal framework for data collection and processing by private security
– *Data protection concerns:* Cherie Oyier and Grace highlighted several
data protection concerns, including a lack of data minimization and storage
limitation practices, Inadequate training of security personnel on data
protection, Absence of data protection policies in many private security
companies, Lack of oversight of the industry by the Office of the Data
Protection Commissioner.

*Recommendations: *

– Dr. Laibuta proposes several actions, including the stoppage of
illegal directives by the regulator.
– Development of regulations under Section 48 in collaboration
with relevant stakeholders.
– Assessment and audit of private security companies’ compliance
with data protection laws.
– Data inventory, retention schedule, and privacy notices.
– Appointment of Data Protection Officers by private security
– Clear contractual agreements between security companies and
property owners.
– Establishment of data breach and incident management processes.
– Registration of private security companies with the Office of
the Data Protection Commissioner.

– Cherie Oyier emphasized the need for training on data protection
for security personnel and collaboration between the public and private
sectors to address these issues.

– Grace suggested a broader conversation about the purpose of data
collection, the potential for techno-solutionism, and the need for
alignment between the Data Protection Act and other relevant laws.

Overall, there was consensus among the speakers that the current situation
regarding data collection by private security companies in Kenya is
problematic from a legal and data protection perspective. They called for
urgent action to address these concerns through regulations, enforcement,
and improved industry practices.

*Stay informed on critical issues shaping Kenya’s digital landscape!*

1. *Kenyan Security Measures Eroding Civic Space?* This multi-part
research project was conducted by ARTICLE 19 Eastern Africa, Kenya ICT
Action Network (KICTANet), The Centre for Human Rights and Policy Studies
(CHRIPS), and HAKI Africa, revealing widespread harm inflicted on human
rights and fundamental freedoms. This research comes at a crucial time for
Kenya, as the country grapples with balancing security concerns with
upholding human rights and democratic values. The reports
focused on “The Impact of the Prevention of Violence Extremism (PVE),
Counter-Terrorism, and National Security Measures on Civic Space in Kenya.”
2. *KICTANet Champions Strategic ICT Investments in Kenya’s 2024/25
Budget:* We participated in the Institute of Economic Affairs’ Open
Pre-Budget Hearing on January 30, 2024, to advocate for strategic ICT
sector investments in Kenya’s budget for the fiscal year 2024–25. Read
our full budget proposal for detailed insights.
3. *Kenya’s Digital ID Stalled: Learning from Past Mistakes or Repeating
Them? *In this article
Mr John Walubengo raises concerns about stalling Kenya’s national digital
ID program. He says learning from past mistakes and ensuring transparent,
inclusive, and rights-respecting implementation will be key going forward.

Enjoy the weekend!