Every day millions of Kenyans use their phones for M-PESA transfers, bill payments, banking, shopping and communication — activities that produce valuable personal data. Safaricom has responded by embedding privacy into product design, rolling out features that reduce unnecessary exposure of customer information and continuing public education on fraud and account security.
## Why personal data matters in everyday services
Every interaction with a digital service leaves a trace. Names, phone numbers, ID numbers, transaction records, biometric identifiers, device location and login credentials can all identify a person directly or when combined with other data. That information is necessary for verification, payments and support, but it becomes a liability when misused: a phone number can enable impersonation, an exposed one‑time code can unlock financial accounts, and accumulated details can feed targeted scams.
## What customers can expect under Kenya’s rules
Kenya’s Data Protection Act gives individuals rights over how their information is collected, processed and stored. Customers are entitled to know why data is collected, how it will be used, who may access it, how long it is retained, and how to correct inaccuracies. Those rights underpin the transparency organisations should offer before asking customers to share sensitive information.
## How Safaricom builds privacy into everyday services
Safaricom describes its approach as privacy by design: privacy considerations are integrated into services from the start. A concrete example is its P2P data minimisation for M-PESA transfers. After a transaction, recipients now see the sender’s first and last name and a partially masked mobile number rather than the full number. If further details are needed, recipients must request access through a secure verification process and the sender decides whether to grant consent. This limits unwanted follow-up contact with casual service providers such as boda boda riders or shop attendants.
The company has also enhanced My OneApp with biometric authentication for supported transactions, broader access across Wi‑Fi, roaming and other networks, and zero‑rated access once an internet connection is established. Alongside product changes, Safaricom continues to educate customers about scam recognition and how to report suspicious activity through official channels.
## Common online threats every Kenyan should recognise
– Phishing: Fraudulent SMS, email, WhatsApp or social posts impersonate trusted services to extract passwords, PINs or verification codes. Scams often create urgency—verify such requests through official apps or websites before responding.
– AI scams and deepfakes: Synthetic voices, images or videos can impersonate colleagues or family to coax payments or credentials. Slow

