With the coming into force of the Data Protection Act in Kenya, Corporate Juror sat with Ms Rosemary Kimwatu, the Data protection Officer at KCB Bank Limited. In this interview, she tells us her story and highlights her involvement as a lawyer in the legal technology space. Ms Kimwatu delves deep into the
What is your background?
I’m a wife and mother of four, first born in a family of five siblings, family best sums up my background as they have had the greatest impact on who I am today. From a career perspective, I am a lawyer who first fell in love with technology, and I have had the privilege of being able to merge the two in my daily work.
How did you get there?
I’m a tech lawyer. I left high school knowing that I had a knowledge gap in technology and my uncle who was a techie guided me to undertake a diploma in IT. I went to university in the era of enforced gap years as one could only join the regular university programme after waiting for over a year, I took this time to get the diploma. After the Diploma in IT I joined the University of Nairobi for a law degree and later went to the Kenya School of Law.
My early career days were spent at a trade union representing workers in the food manufacturing industry and there wasn’t much in terms of tech interactions.
My next engagement was with Caritas Nairobi where we helped set up Caritas Microfinance Bank and I was so excited to handle tech contracts especially those for the core banking system and other tech platforms. The excitement was because I was finally able to dabble in tech law.
Soon after I joined a fintech Mo-De where I assisted their international money remittance business Wayawaya that was set to be delivered through a tech platform. That was a moment of excitement in my career as I was able to practice tech law on a daily basis but that didn’t last as expected as the business struggled.
I soon joined a public policy practice at Oxygene MCL where we helped various businesses including tech companies to navigate policy and regulatory affairs. Data protection formed a huge part of our tech advisory as the Data Protection Act was under formulation.
From there I joined Safaricom PLC’s public policy team and I couldn’t resist the opportunity to head KCB’s data protection function when the opportunity arose.
How best would you define your role?
On a daily basis I assist KCB Group’s subsidiaries to ensure data protection compliance across various jurisdictions. Data protection represents a cultural shift in how personal data is managed and my team and I work to ensure the requisite compliance as we impart a data protection culture.
What is unique about what you are currently doing?
As the data protection team we are the newest kids on the block in KCB whose banking operations have been in existence for over 100 years, we have the absolute pleasure of bringing in something new to an organisation that has a very rich culture.
Who are the other team members?
The data protection function at KCB Kenya is under the Risk Division headed by our leader the Group Chief Risk Officer John Mukulu who is our vision bearer. My team includes Gideon Kirui who is data privacy manager and Jimmy Kisomba who handles data privacy as part of the risk team in Uganda.
Why is Data Protection important to organizations? Why should lawyers pay special attention?
The Data Protection Act was passed in November 2019 and since then a regulator has been appointed, the Office of the Data Protection Commissioner. Data Protection presents an urgent compliance need that largely requires a cultural shift in the handling of personal data. Data protection laws all over the world have changed the dynamics of how corporations interact with personal data. The dynamic shift involves an enhanced level of control by data subjects over their data and the new legal obligations over handlers of personal data leading to changes in the handling of personal data by corporations. The main risks that may arise from a lapse in compliance includes both monetary and reputational losses.
Tell us about your involvement with the Internet Governance Forums.
In the course of my career I had the privilege of joining the Kenya ICT Action Network (KICTANet) which hosts the Kenya IGF. KICTANet is a multi-stakeholder Think Tank for ICT policy and regulation. The Think Tank is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
I started out as a volunteer and served as a tutor of the Kenya School of Internet Governance (KESIG) since 2016, in 2021 I was the headmistress of KESIG. I am currently serving as the Chair of the Kenya IGF Multistakeholder Advisory Group (MAG) where KICTANet through volunteers from various stakeholders including academia, civil society, corporates and the government work together to convene the Kenya Internet Governance Forum.
The Internet Governance Forum (IGF) is an open and inclusive multi-stakeholder forum where public policy issues related to key elements of Internet governance, such as the Internet’s sustainability, robustness, security, stability, and development.
The United Nations Secretary-General formally announced the establishment of the IGF in July 2006 and the first meeting was convened in October 2006.
The purpose of the IGF is to maximise the opportunity for open and inclusive dialogue and the exchange of ideas on Internet Governance (IG) related issues; create opportunities to share best practices and experiences; identify emerging issues and bring them to the attention of the relevant bodies and the general public,and contribute to capacity building for Internet governance.
The event brings together stakeholders representing government, the private sector, civil society, the technical and academic community, media, and the public in an informal setting for policy dialogue on Internet governance issues on an equal basis through an open and inclusive process. This type of cooperative engagement is usually referred to as the multistakeholder model of Internet Governance, which is one of the key features of the Internet’s success. This model is paramount to ensuring that the Internet remains sustainable for economic and social development.
The forums are localised and their outcomes feed into each other from country to sub-regional then regional level finally culminating in a report that is presented at the global level. The outcomes of the country level (Kenya IGF) feed into the regional level (East Africa IGF), continental level (Africa IGF), and ultimately at the global level (IGF). Previously, Kenya hosted the East Africa IGF in 2009 and thereafter, the global IGF in 2011 in Nairobi.
This year, the Annual Global IGF Meeting convened by the United Nations will be hosted by the Government of Ethiopia from November 28 to December 2, 2022, in Addis Ababa.
The Kenya Internet Governance Forum (KIGF) is an open and inclusive multistakeholder forum that annually brings together over 250 industry stakeholders representing government, the private sector, civil society, the technical and academic community, and the public to discuss Internet Governance. KICTANet has convened the Kenya IGF every successive year since 2008 in partnership with industry stakeholders, and this year commemorates the 15th Edition.
The outcomes of the Kenya IGF will feed into the African IGF and Global IGF. This year’s Kenya IGF week was held from June 27-30, 2022. The start of the KIGF engagement was the commencement of the KESIG a month before the IGF. We had activities and report launches during the entire IGF week. Alongside the national IGF, a youth IGF was convened a day before the event to bring in voices of young Kenyans to the national discussions.
This year’s global IGF theme is ‘Resilient Internet for a shared sustainable and common future’. The Kenya IGF theme was aligned to the global IGF theme and responded to the local context including the 2022 general election.
I have grown both personally and professionally through my engagements under KICTANet under the leadership of our convenor and CEO Grace Githaiga and the chairman Ali Hussein. The leadership of KICTANet which includes the rest of the trustees Barrack Otieno, Mwendwa Kivuva, Liz Orembo, John Walubengo and Victor Kapiyo have been great collaborators in catalysing ICT policy reforms in Kenya and internationally.
How do you innovate in your current role? How do you celebrate innovation? How do you encourage innovation?
Innovation is entrenched in our daily operations where we work alongside teams to ensure that data protection is incorporated in all our products and procedures. We innovate through leveraging on the technical expertise throughout the organization.
What are the emerging trends in the industry? What is the outlook for the legal profession?
In the data protection and privacy industry there is a lot of automation and systems to ensure data protection and privacy compliance. In the legal profession data protection is an emerging area of practice as corporations seek to comply with data protection laws in their jurisdictions of operation while many countries in Africa and other parts of the world put in place data protection laws.
Where next for you?
Throughout my career my current job has always been a foundation for my next job. The fact that I have traversed various industries yet they all somehow connect makes me a firm believer in Steve Job’s statement that “You can’t connect the dots looking forward, you can only connect them looking backwards”. Looking forward to the next dot as I ensure I do great justice to my current one.