Azura Credit Limited, trading as TruePesa, has been found capable of data privacy violation of an individual just over a month after it was fined Sh250,000 for a similar offence.
Data Protection Commissioner Immaculate Kassait has issued an enforcement notice to the company, compelling it to stop harassing Musa Wesutsa and his senior managers over a loan taken by one of his staff members employed at an unnamed company.
This follows a complaint filed by Mr Wesutsa with the Office of the Data Protection Commissioner (ODPC) that he and senior officials in his company have been harassed by Azura Credit representatives, attempting to recover a loan taken by a member in an organisation he runs.
ODPC investigations found that the complainant was listed as guarantor or referee by the said borrower, and Azura credit went on to collect his email address and phone number without notifying him or informing him of the purpose of the collection.
“This office finds the complainant’s rights under sections 26 (a) of the Act were violated by the respondent,” Ms Kassait said, adding that “the respondent did not fulfil its obligations provided for under the Act.”
The Data Protection Act of 2019 gives people the right to be notified or informed whenever their personal information is collected by an organisation, and the right to have it deleted at their request. Azura has been found to have violated both these rights.
This ruling, based on the complaint lodged in July this year, comes just over a month after a similar one, which was made on a complaint against the company in June for the same privacy violations.
Azura Credit was just licensed by CBK to operate the digital credit business in March this year.
In the previous determination by the ODPC, the regulator recommended the prosecution of the directors of the company for obstruction of the data commissioner, due to their efforts to derail Ms Kassait’s investigations into the complaints lodged against it.
