Safaricom - 2021 Sustainable Business Report

38 SAFARICOM SUSTAINABLE BUSINESS REPORT 2021 / STANDING TOGETHER: GOING BEYOND //// OUR MATERIAL TOPICS / OUR STAKEHOLDERS / KPI SUMMARY To intensify our data privacy initiatives and awareness across the business, we have also: • Rolled out data protection e-learning for staff • Updated all our terms and conditions to include data protection • Embedded data protection clauses into our supplier contracts • Published privacy notice across all our digital channels • Implemented privacy by design for all our products and services. We regularly participate in public engagements with the Data Protection Commissioner on data protection legislation. Our data governance framework provides for the evaluation of compliance and reviews adequacy of the Data Protection Impact Assessment process as well as Privacy by Design principles for any data sharing. We conduct regular independent assurance over our privacy programme to ensure that any gaps are identified and dealt with promptly. By implementing all these processes and controls, we believe we have established a robust privacy programme. We continue to evolve this programme in line with international best practices and local regulations to ensure it remains current and responsive to emerging risks. MEETING THE CHALLENGE OF CYBER SECURITY According to the Communications Authority of Kenya’s sector statistics report for July to September 2020 there were 35.1 million cyber security incidents detected, representing an increase of 152.9% as compared to the previous similar period. The report noted that the increase in cyber threat attacks can be attributed to the move to working remotely and increased uptake of e-commerce in response to the COVID-19 pandemic. Our 24/7 Security Operations Centre, which is responsible for managing cyber security, acted swiftly to establish a virtual private network to ensure uncompromised data and systems security as staff transitioned to working from home. We believe that cyber security is a shared responsibility and are committed to working with all our stakeholders, including regulators, to combat this ever-escalating crime. To mitigate the risks associated with mobile money; in FY21 we developed our in-house solution – the Umbrella System Protection - to detect and respond to fraud impacting financial institution partners interacting with M-PESA. To date, 62 partners have adopted this solution. We also held a mobile money risk and controls forum for Savings and Credit Cooperatives (Saccos) in partnership with SASRA (Sacco Societies Regulatory Authority), which was attended by 254 participants. FUTURE FOCUS • Work at national level to mitigate the risks of cyber-attacks. • Continue to put our customers first by prioritising fraud management and data privacy to ensure our customers are protected.