Telecommunications company Safaricom PLC has issued a statement addressing ongoing discussions about data privacy and the sharing of customer information with security agencies and other third parties.
The statement follows accusations by some members of the public accusing the company of playing a role in the recent abductions witnessed.
The company reasserted its commitment to strict adherence to data protection laws and maintaining customer trust through transparent and responsible data management practices.
Upholding data pivacy and compliance with court orders
Safaricom made it clear that they respect their customers’ privacy, operating strictly within the framework of the country’s data protection laws.
READ: KRA to monitor M-Pesa paybills for tax evasion with new ETR system
According to the statement, Safaricom does not share customer information unless mandated by a court order.
"We respect our customers' privacy and adhere strictly by the country’s data protection laws. As such, we do not share any customer data unless explicitly required of us via a court order," the company stated.
Call data records and customer privacy
To provide clarity on the types of data Safaricom handles, the company explained the purpose of Call Data Records (CDR).
These records are used solely for billing purposes and do not contain live location information or movement data.
The CDRs are generated only after a call has ended and for text messages once they have been sent or received.
"A customer’s Call Data Record (CDR) does not show any live location and movements of customers but are generated after a call is terminated and for text messages once they are sent or received and this is for purposes of billing only," Safaricom explained.
READ: Safaricom warms up to partnering with Starlink as competition heats up
Enhancing fraud management and customer protection
In July 2012, Safaricom took a proactive step in fraud management by partnering with Neural Technologies, a global company that supports telecom and utility providers in over 30 countries.
This partnership enabled Safaricom to implement a comprehensive Fraud Management System (FMS) across its services, including its mobile money platform.
The FMS detects and prevents fraud without any third-party access, reinforcing Safaricom’s commitment to customer protection.
Certification and commitment to privacy standards
Recently, Safaricom mentioned that it also achieved the ISO 27701 Privacy Information Management System (PIMS) certification, awarded by the British Standards Institute (BSI).
"This is the highest certification an organisation can attain in management of privacy information systems, as a data controller or processor, a testament to our commitment to preserve our customer privacy and provide a worry-free experience on our network," Safaricom noted.
READ: Safaricom clarifies Sh104.8B investment in Ministry of Health's digital healthcare plan
Safaricom concluded by reassuring its customers of its ongoing commitment to transparent communication and responsible data practices.