The Aga Khan University Hospital is in trouble with the Office of the Data Commissioner over a breach of personal data privacy by one of its employees.
In a statement to newsrooms, Immaculate Kassait, the Data Commissioner said a patient had filed a complaint after one of the staff at the hospital contacted them ‘inappropriately’, after visiting the facility for treatment.
Without going into details, Kassait said her office had issued an enforcement notice against the facility over a breach of Kenya’s Data Protection Laws.
“A complaint was raised by a patient to the Data Commissioner that after visiting the Hospital, a staff later inappropriately contacted the complainant contrary to Sections 25, 41 and 46 of the Data Protection Act, 2019. (The Act),” Kassait said.
The Data Commissioner said she had directed the hospital to roll out specific measures to prevent data breaches in the facility in the future. The measures shall be implemented within a month.
“In exercise of the Powers of the ODPC, the Data Commissioner directed the Hospital to outline specific measures it will take to mitigate or eliminate the breach/ contravention and to rectify and/or put in place structures within which the measures shall be implemented within 30 days,” she stated.
Aga Khan University Hospital warned
Kassait warned that any non-compliance will attract a fine of up to Ksh5 million or 2-year imprisonment, or both.
“Pursuant to Section 58(3) of the Data Protection Act, 2019, any person who, without reasonable excuse, fails to comply with an enforcement notice commits an offence and is liable on conviction to a fine not exceeding five million shillings or to imprisonment for a term not exceeding two years, or to both,” she added.
There's no story that cannot be told. We cover the stories that others don't want to be told, we bring you all the news you need. If you have tips, exposes or any story you need to be told bluntly and all queries write to us [email protected] also find us on Telegram
