Data Protection and Experience of Stakeholders at the University of Nairobi

Abstract

Increasing usage of internet and computer machines over the last 30 years has increased the chances of cyberattacks, leakage of information and other unethical activity within large organizations. Kenya has laws that govern the data protection of any information stored but enforcement of such policies remains a challenge. The objectives of this study were to determine the compliance level of the university of Nairobi to data protection laws and the experiences the stakeholders have in relation to the data they have submitted to the University. Data was observed using a descriptive research design and data collected using a questionnaire administered to the stakeholders including students, teaching and non-teaching staff. Data analysis was done using SPSS version 26. Descriptive statistics including mean, frequency, percentages and standard deviations were used to determine the compliance level of the university to the data protection laws. Linear regression was used to determine how the data protection laws affect the experience of stakeholders at the university. The regression model, with predictors relating to the data protection laws demonstrated a statistically significant relationship with stakeholder experience, The variability in stakeholder experience in safety of their data and trust in the university can be attributed to the considered data protection laws. The study noted that the university had a high compliance level to the laws but a few gaps in compliance. The first gap was on the data protection principle of transparency where most respondents were not informed of the breaches that happened to their data. There was also non-compliance to the principle of integrity where respondents cited lack of control to their data, where the data could be changed without their authority and system instability that could cause errors and unauthorised modification to their data. Despite this, respondents had a high level of trust in the university policies of data protection and safety. They indicated would not make rush decisions in case of a breach. The study recommended the university to enhance their awareness campaigns on the breaches that happen, give more control to stakeholders and invest and upgrade their systems to strengthen data protection