Friday, May 07, 2010

ARE OUR COMPANIES PRACTISING DUTY OF CARE

Last week we established that our personal information has now become traceable and sellable due to the recent advances of ICT technology in Kenya. We noted that our local corporate bodies have traditionally being crucial custodians of our information and they have a duty of care in looking after it. It is now more important than ever to understand what social and legal obligation our local companies have to us in relation to the personal data they store.

Duty of care is a legal principle. It means that one must take reasonable steps to ensure their actions do not knowingly cause harm to another individual. In the context of personal information, it essentially means that the government, companies and owners of large databases would treat them as valuable data depositories that should be secured.

The flip side of duty of care is negligence, which is carelessness. This is a failure to take reasonable care for the safety or well-being of others. The primary rider here is that negligent actions address issues of “reasonableness” or, put simply, what the reasonable person might have done or not done in the circumstances of a particular case. When dealing with information the question of whether reasonable security is implemented to protect it is addressed.

Kenyans should therefore demand professionalism from our firms. ICT security is a major pillar in any company that expounds its professionalism. These firms should build systems that are secure by design. It is unfortunate that what usually happens is that computer systems are designed with business functionality as the number one priority. The ICT security guys are usually involved at the end of the systems development cycle where they are required to patch up the security as best as they can.

For Kenyans to entrust their information, money and other resources in the burgeoning technological industry, companies must avoid data breaches. Sometimes data breaches do happen. In this kind of situation a company can be liable if it cannot prove that it had implemented a reasonable and robust security framework around its ICT systems.

E-commerce will inevitably boom as technology percolates to more Kenyans. When you have Kenyan companies building more secure systems this will feed through into trust which will then translate into Kenyans being attracted to companies they have faith in. This trust will only come through when they know that their personal information is secure. This sense of security will ultimately give the few companies who have invested in ICT security a competitive edge.

No comments: