Most Saccos in Kenya run the risk of incurring a penalty of Sh5 million each for failing to comply with the data protection act and manage the information they obtain from members.
This is according to the latest report released today by a Cyber Security Consulting firm Serianu, following an extensive survey among Sacco leaders and managers across the country.
Other than the mismanagement of information obtained from staff, members and customers, additional key findings include insufficient technology, low vendor security levels, increased mobile attacks on mobile transactions in the Sacco and the need to embrace working practices especially during this Covid-19 pandemic.
Serianu Chief Operations Officer, Joseph Mathenge cautioned that while more Saccos are quickly embracing digital technology to transform their operations, there was still a high level of unpreparedness to implement the data protection law for their members and customers.
“Our research indicates that Saccos are increasingly investing more resources in technology and security but most of them are still unprepared for the Data protection law,” said Mathenge.
The COO noted that Saccos were lagging behind on the security of the systems even as they ramped up investments in technology and digitization which he said exposed them to risks of losing at least Sh10 million per transaction.
The Chief Executive Officer of SBO Research Dr. Catherine Ngahu delivering her keynote speech during the launch of the report, encouraged Kenyan Saccos to foster radical initiatives such as sharing technological infrastructure, merging to achieve larger economies of scale and implementing better member engagement programs.
The CEO said if these steps are followed Saccos had the potential to double the current national Sacco membership which currently stands at about 3.5 million giving the sector an additional Sh200 billion in assets.
Ngahu said that Kenyan Saccos should focus on increasing youth membership as opposed to only the senior citizens. She said this will salvage Saccos negative perception especially amongst the youth who view them as meant for older people.
An advocate of the high court Mr Mugambi Laibuta, who was among the invited guest speakers, delved extremely on the data protection act of Kenya where he triangulated the scope of data to be protected as traversing across the entire firm, from the board of directors, managers, staff through to the customers.
The lawyer emphasized on the need to tackle the field of data protection with such prowess especially in the wake of modern cyber-attacks, lack of innovation in data governance, and lack of auditing of the vendor system.
As Serauni made its third consecutive successful launch of its annual report, the implication is clear, all firms and not limited to Saccos, should adopt and comply with the logistics and parameters required by article 31 on data protection through the premise; Re-imagining IT sourcing in the digital age.
By Catherine Muindi and Michael Omondi