Aga Khan University Hospital on Data Commissioner’s radar after staff contacted patient ‘inappropriately’

By , K24 Digital
On Wed, 5 Oct, 2022 21:37 | 2 mins read
Aga Khan University Hospital on Data Commissioner's radar after staff contacted patient 'inappropriately'
ga Khan University Hospital, Nairobi. PHOTO/Courtesy

The Aga Khan University Hospital is in trouble with the Office of the Data Commissioner over a breach of personal data privacy by one of its employees.

In a statement to newsrooms, Immaculate Kassait, the Data Commissioner said a patient had filed a complaint after one of the staff at the hospital contacted them 'inappropriately', after visiting the facility for treatment.

Without going into details, Kassait said her office had issued an enforcement notice against the facility over a breach of Kenya's Data Protection Laws.

"A complaint was raised by a patient to the Data Commissioner that after visiting the Hospital, a staff later inappropriately contacted the complainant contrary to Sections 25, 41 and 46 of the Data Protection Act, 2019. (The Act)," Kassait said.

The Data Commissioner said she had directed the hospital to roll out specific measures to prevent data breaches in the facility in the future. The measures shall be implemented within a month.

"In exercise of the Powers of the ODPC, the Data Commissioner directed the Hospital to outline specific measures it will take to mitigate or eliminate the breach/ contravention and to rectify and/or put in place structures within which the measures shall be implemented within 30 days," she stated.

Aga Khan University Hospital warned

Kassait warned that any non-compliance will attract a fine of up to Ksh5 million or 2-year imprisonment, or both.

"Pursuant to Section 58(3) of the Data Protection Act, 2019, any person who, without reasonable excuse, fails to comply with an enforcement notice commits an offence and is liable on conviction to a fine not exceeding five million shillings or to imprisonment for a term not exceeding two years, or to both," she added.

At the same time, Kassait said her office is investigating 40 digital lenders linked to similar offences of personal data breaches.

The lenders are set to undergo a preliminary documentary assessment after complaints were raised by members of the public.

According to Data Commissioner Immaculate Kassait, as of September 30, 2022, her office had received 1,030 complaints from members of the public.

The office admitted 555 of the cases including 299 (54%) which were on Digital Lenders.

Digital lenders on the spot

The lenders include Apesa, Asap Kash, Branch, Cash, Cash Sea, Collect Plus, Coopesa, Credit Ksh, Credit Moja, Deltech Capital Limited/Mykes loan, Direct Cash, Fair Cash, Flash Pesa, Lexi Cash and Hela Credit.

Others are Hikash Kenya, Ikash Connet, Instar Cash, Ipesa, Kash Loan, KashBean, KashPlus, Kashway, Kesloan, Lemon Kash, Lion Cash/Grola Tech Ltd, M-Credit, Meta Loan, Mokash and PapKash.

Poket Cash, Premier Credit Ltd, Rocket Pesa, Senti, SkyPesa, Tala, Wakanda Credit/Kashway, Zash Loan, Zenka Digital Limited and Zuri Cas are also targeted in the new crackdown.

While encouraging members of the public to continue sending their complaints, Kassait expressed her commitment to protecting personal data and enforcing compliance in the event of a breach of the laws.

"This is just one among many other complaints being investigated by the office. We want to assure the public that the complaints received will be investigated and concluded accordingly. All aggrieved members of the public are encouraged to continue sending their complaints via," she stated.