Safaricom has been fined Sh250,000 for registering a SIM card using a customer’s national ID without her consent.
Data Commissioner Immaculate Kassait ruled that Safaricom wrongly transferred the ownership of Catherine Murithi’s corporate phone number from her former employer to her personal ID shortly after her employment ended.
This violated the Data Protection Act, which requires companies to inform individuals about how their data will be used and obtain consent.
Murithi’s former employer, Becton Dickinson (BD), was also found at fault for sharing her ID details with Safaricom without her permission. Both companies were ordered to pay Sh250,000 each for unlawfully processing her personal data.
“The first and second respondents (BD and Safaricom respectively) are hereby ordered to pay the complainant Sh250,000 each for the infringement of her rights under the Act (Data Protection Act) and the unlawful processing of her personal data without her consent,” wrote Ms Kassait.
The issue began when Murithi submitted her ID to BD in 2021 as part of the employment process. After her termination, BD shared her ID with Safaricom to transfer the phone number to her personal account. Murithi argued that she had not given consent for this.
BD defended the transfer as necessary, while Safaricom acted on BD’s instructions.
Email your news TIPS to Editor@nairobilawmonthly.com, and to advertise with us, call +254715061658 anytime of the day
