We are living at a time when protection of personal data has become an issue of concern for individuals as well as organizations. Our reliance on technology means that various organizations now collect vast amounts of data, hence the need for these organizations to have adequate systems in place to ensure their customers' data is kept private and secure. That is why the news that Safaricom has obtained the ISO 27701 Privacy Information Management System (PIMS) certificate was music to my ears.
The certification was granted to Safaricom after a comprehensive evaluation by the British Standards Institute (BSI). This is the highest certification an organization can attain in the management of privacy information systems, as a data controller or processor. The certification was issued on 16th October 2024 after BSI assessed Safaricom's levels of implementation across customer support, billing services, M-PESA and data center operations.
For those who may not be in the know, ISO 27701 is an international standard that provides guidelines for establishing, implementing, maintaining, and continually improving a PIMS. It helps organizations identify potential risks related to privacy breaches and outlines measures to mitigate these risks effectively.
The assessment conducted by BSI took into account various elements related to the telco's operations, including effective system controls for the protection of personal information and the implementation of relevant policies, including the Data Protection Policy. It also covered Customer Relationship Management (CRM), IP Contact Centre (IPCC), Tibco, Converged Billing System (CBS), Voucher Management System (UVC), M-PESA G2, M-PESA Statement Portal, M-PESA Super App, MySafaricom App, and the M-PESA business App.
Here are some of the benefits of the PIMS certification for Safaricom and its customers.
Enhanced Privacy Management
Safaricom has been able to strengthen its privacy management by using ISO 27701 to build and enhance personal information management procedures. This will also help the telco comply with regulations, which will go a long way in enhancing customer happiness and confidence.
Regulatory Compliance
Kenya enacted the data privacy act in 2019. This act contains stringent laws governing data privacy in the country. By acquiring the ISO 27701 Privacy Information Management System certificate, Safaricom is showing compliance with these rules, which will essentially help the telco avoid fines and penalties that might arise due to data breaches.
Risk Management
The certification will help Safaricom stop or lessen possible breaches of personal information by detecting and managing privacy issues. This will help the company avoid losing money and harming its reputation in the event of a data breach.
Competitive Advantage
With the ISO 27701 accreditation in place, Safaricom is essentially setting itself apart from the competition, which is an advantage in a market like ours where customers value their privacy.
Continuous Improvement
The ISO 27701 standard has a philosophy of constant improvement. As a result, businesses such as Safaricom that adopt it are urged to examine and enhance their privacy management on a regular basis. This means that moving forward we can only expect that they will get better at securing our data.
Cost Savings
Over time, the ISO 27701 certification will help an organization avoid the costs of data breaches, such as penalties, remediation work, and lost revenue, by assisting in their prevention. This is beneficial to both the telco and its customers.