Safaricom has announced plans to sundown showing customer details to merchants on the Lipa na M-Pesa platform, to protect subscribers’ data.
This follows a survey by consultancy firm Ernst & Young (EY) which showed that 41 percent of firms transferred client data to third-party service providers. More than 53 percent of these companies or 21.7 percent of firms captured in the EY survey did not seek the approval of their customers.
“At the end of June, phone numbers and full names of subscribers making transactions will no longer be relayed to partners,” Safaricom told merchants.
Read: Metropolitan Sacco Records Ksh9.3 Billion In Bad Loans
“Only the first name will be passed along and the phone number of the subscriber making the transaction will be masked. For example, if a person named John Doe with a phone number +254(redacted) makes a payment the only data that will be passed along is [John, +2547XXXXX654].”
By selling the data to third-party companies including advertisers, the merchants have been breaching privacy laws as stipulated in the Data Protection Act 2019.
“Pursuant to the Data Protection Act 2019 which came into law on 25th November 2019, Safaricom will be changing how they share data with Lipa Na M-Pesa Partners in general,” said Safaricom.
Read: Mystery Of Prisons Cleaner Eric Kipkurui Getting Ksh20k Salary, Now With Ksh257 Million Cash, Assets
“Safaricom and its partners are required to take action to minimise the use and transfer of sensitive data such as names and phone numbers during the processing of transactions.”
Individuals who breach the law risk a maximum fine of Ksh3 million or 10 years in jail, while firms risk a fine of up to Ksh5 million or one percent of annual turnover.
Read: Stephen Kiptinness Appointed Safaricom Chief Corporate Affairs Officer
