The Office of the Data Protection Commission (ODPC) has named Tala and Branch among 40 Digital Credit Providers (DCPs) for suspected personal data breaches.
Unauthorized individuals are exposed to confidential, sensitive, or protected information as a result of a data breach. Data breach files can also be viewed or shared without permission.
Following public complaints about the processing of personal data, the 40 digital lenders will be subjected to a preliminary documentary review.
According to the ODPC, by September 30, 2022, it had received 1,030 complaints and admitted 555 of them, with half of them (54%) relating to digital credit providers.
Zenka Digital, Zuri Cash, Premier Credit, Credit Moja, and Hela Credit are among the other DCPs being investigated for data breaches, as are Apesa, AsapKash, Cash, Cash Sea, CollectPlus, Coopesa, Credit Kes, Credit Moja, Deltech Capital Limited, and Direct Cash.
FairKash, FlashPesa, Flexi Cash, Hela Credit, Hikash, iKash, Connect, InstarCash, iPesa, Kash Loan, KashBean, KashPlus, Kashway, KesLoan, Lemon Kash, LionCash, and M-Credit were also mentioned.
Premier Credit Ltd, Rocket Pesa, Senti, SkyPesa, Zash Loan, Zenka Digital Limited, Zuri Cash, PapCash, Pocket Cash, MetaLoan, and MoKash round out the list.
The DCPs must provide the Data Commissioner Office with the necessary documents by October 18, 2022, or they will be deemed unwilling to cooperate with the office.
Following an alleged violation of Kenya’s Data Protection Laws, the ODCP also issued an enforcement notice to Aga Khan University Hospital.
“A complaint was raised by a patient to the Data Commissioner that after visiting the Hospital, a staff later inappropriately contacted the complainant contrary to Sections 25, 41 and 46 of the Data Protection Act, 2019,” said ODPC.
“In exercise of the Powers of the ODPC, the Data Commissioner directed the Hospital to outline specific measures it will take to mitigate or eliminate the breach/ contravention and to rectify and/or put in place structures within which the measures shall be implemented within 30 days.”
The audit of the DCPs comes as the credit providers are regulated by the Central Bank of Kenya (CBK), which has also imposed strict rules against personal data breaches.
On September 19, the CBK announced that it had licensed 10 DCPs and was continuing to review 278 applications.
