Safaricom Admits Accessing Staff Personal Data and Transaction Information
These are the former Safaricom Members of staff who have sued the company over alleged privacy violations, even as the telco denies that the handling of the information amounted to unlawful disclosure.
Black News 
Kenya’s leading Telcom, Safaricom, has admitted in court that it processed, reviewed and used the personal data and transaction information of former employees in Internal Probe.
These are the former Safaricom Members of staff who have sued the company over alleged privacy violations, even as the telco denies that the handling of the information amounted to unlawful disclosure.
In a replying affidavit filed at the Employment and Labor Relations Court in Nairobi, Safaricom says the data was handled during internal investigations linked to alleged conflict of interest, abuse of office, improper dealings with vendors and unexplained financial transfers involving persons associated with agencies and contractors engaged by the company.
The affidavit, sworn by Odhiambo Ooko, the Safaricom’s Chapter Lead for Employee and Labor Relations, states that the company used the petitioners’ personal data and transaction information for internal investigations, disciplinary proceedings, compliance reviews, fraud prevention, preservation of evidence, legal compliance and protection of Safaricom’s legitimate interests.
That admission is now at the centre of the privacy dispute because the former employees argue that Safaricom crossed the line.
On the other hand, the company insists the information was handled lawfully and only by authorized personnel, departments and professional advisers involved in investigations, legal compliance, litigation management and regulatory compliance.
Safaricom has further acknowledged that the petitioners have a right to privacy and protection of personal data, but argues that the right is not absolute and cannot be used to stop lawful investigations or prevent the company from cooperating with competent investigative agencies.
The Telcom firm denies publishing or publicly disseminating the employees’ private information, saying the petitioners have not identified the specific information allegedly disclosed, the persons to whom it was disclosed, the dates of disclosure or the prejudice suffered.
The case now raises a major question for the court on how far an employer can go in accessing and processing employee data during internal investigations, especially where transaction information and personal data are involved.
Safaricom wants the interim orders issued against it discharged, varied or clarified, arguing that broad privacy orders may interfere with its ability to defend itself, conduct internal governance processes and comply with regulatory or investigative obligations.
