In response to allegations that Safaricom has been sharing customer data with the Kenyan government without proper authorization, CEO Peter Ndegwa firmly clarified the company’s data privacy policies.
He emphasized that Safaricom only shares user data when legally required through a court order.
This reassurance comes amid concerns from the public, particularly following protests where some believed Safaricom may have cooperated with authorities to track protest participants.
Ndegwa assured customers that Safaricom follows Kenya’s Data Protection Act strictly, protecting user privacy against unauthorized disclosure.
Ndegwa also addressed misunderstandings about the types of data Safaricom holds, explaining that Call Data Records (CDRs) do not contain real-time location information but are limited to records created after calls and messages, primarily for billing purposes.
This data, he noted, does not allow for continuous tracking or monitoring of customer movements, countering any perception that the company could be monitoring individuals in real time.
Safaricom’s commitment to privacy is further demonstrated by its recent ISO 27701 Privacy Information Management System certification, awarded by the British Standards Institute.
This certification validates Safaricom’s high standards in data management and privacy protections, reinforcing their stance that customer trust and data privacy are paramount to the company’s operations.
Safaricom maintains that it does not facilitate real-time monitoring of its users and aims to be transparent with customers regarding any data-sharing practices.
