Safaricom has been penalized Sh250,000 for registering a SIM card using a customer’s national ID without her consent. The ruling, issued by Data Commissioner Immaculate Kassait, found that the telecom giant had improperly transferred ownership of Catherine Murithi’s corporate phone number from her former employer to her personal ID following her exit from the company.
This action violated the Data Protection Act, which mandates that companies must inform individuals about the use of their personal data and obtain explicit consent.
Murithi’s former employer, Becton Dickinson (BD), was also held accountable for unlawfully sharing her ID details with Safaricom without her approval. As a result, both BD and Safaricom were fined Sh250,000 each for processing her personal data without authorization.
Related Content: Longhorn And Safaricom Launch Digital Learning Tablets With The Focus On 1.5 Learners
“The first and second respondents (BD and Safaricom, respectively) are hereby ordered to pay the complainant Sh250,000 each for the infringement of her rights under the Data Protection Act and the unlawful processing of her personal data without her consent,” Ms. Kassait stated in her ruling.
The dispute arose after Murithi submitted her ID to BD in 2021 as part of her employment documentation. Following her departure, BD provided her ID details to Safaricom to facilitate the transfer of the corporate phone number to her personal account—without her explicit permission.
BD defended its actions as a necessary process, while Safaricom argued that it had merely followed BD’s instructions. However, the Data Commissioner ruled that both entities had breached data protection laws, leading to the imposed fines.
Related Content: Safaricom Moves To Court To Stop Payment Of Ksh 944 Million To A Developer Who Accused Them Of Stealing M-Pesa App Ideas
