Kenya’s President, Uhuru Kenyatta has formally appointed former IEBC director Immaculate Kassait as the country’s first Data Commissioner.
This was announced by the Speaker of the National Assembly in Parliament as a message from the President. Ms Immaculate Kassait was appointed in accordance to section 6 (4) of the Data Protection Act 2019 as described by the Speaker. Her nomination will be considered by MPs within 21 days
This is after months of waiting as the government sifted through applications that were put forward after the job was posted public.
Ms Immaculate Kassait served as the Director of Voter Education Partnership and Communication at IEBC. She was also served as the Director of Voter Registration and Electoral Operations at IEBC for 9 years, worked as the Programme manager at the Institute for Education in Democracy for 4 years and worked as the Programme Officer at FIDA Kenya. She got her Bachelor’s degree in Law from Makerere and her Post Graduate Diploma in Law from KSL and has a MBA from USIU.
4 months ago, the State shortlisted 10 candidates for the position of the Data Commissioner which was more than 7 months of waiting after the Data Protection Bill was made into law in November 2019.
The post of the Data Commissioner had a number of qualifications attached to it. They needed to have a degree in Data Science, Law, IT or any other relevant field. They also needed to hold a Masters Degree, have knowledge and relevant experience of not less than 10 years and met the requirements of Chapter six of the constitution. The Data Commissioner shall be appointed for a single term of six years and will not be eligible for re-appointment.
There are a lot of responsibilities attached to the post of the Data Commissioner. These include:
- overseeing implementation of and being responsible for enforcement of the Data
- establishing and maintaining a register of data controllers and data processors;
- exercising oversight on data processing operations and verify whether the processing of data is done in accordance with this Act;
- promoting self-regulation among data controllers and data processors;
- conducting assessment for the purpose of ascertaining whether information is processed according to the provisions of the Act or any other relevant law;
- receiving and investigating any complaint by any person on infringements of the rights under the Act;
- taking such measures as may be necessary to bring the provisions of the Act to the knowledge of the general public;
- carrying out inspections of public and private entities with a view to evaluating the processing of personal data;
- promoting international cooperation in matters relating to data protection and ensure country’s compliance on data protection obligations under international conventions and agreements;
- undertaking research on developments in data processing of personal data and ensuring that there is no significant risk or adverse effect of any developments on the privacy of individuals; and
- performing such other functions as may be prescribed by any other law or as necessary for the promotion of object of the Act.