Safaricom has been fined Ksh.250k for using a customer’s national ID without her authorization.
The issue began when Murithi submitted her ID to Betcon Dickinson (BD), her former employer in 2021, as part of the employment process.
After she was terminated from the job, BD shared her ID with Safaricom to transfer the phone number to her personal account.
However, Murithi argued that she had not given her permission.
On the other hand, BD defended the transfer, claiming it was necessary, while Safaricom acted on his orders.
According to the Data Commissioner, Immaculate Kassait, Safaricom wrongly transferred the ownership of Catherine Murithi’s company phone number from her former employer to her ID shortly after her employment ended.
The act violated the Data Protection Act, which requires companies to inform individuals about how their data will be used and obtain consent.
Kassait’s ruling also found Murithi’s employer at fault for sharing her data with Safaricom without her consent.
“The first and second respondents (BD and Safaricom respectively) are hereby ordered to pay the complainant sh250,000 each for the infringement of her rights under the Act (Data Protection Act) and the unlawful processing of her data without her consent”, the ruling stated.
