Digital lending firms have been warned against contacting the family and friends of persons they lent money to in the event that they default on their payments or fail to pay them on time.
When registering for the loans, the platforms typically request their clientele to submit the contact details of close associates as a means to ensure that they can easily track them down in case of defaults.
In the event of a default or late payment, the lending firms bombard the said contacts with endless phone calls and text messages asking them to ‘remind’ the loan applicants to clear their dues.
In some instances, the lending firms threaten to forward the names of their clients’ associates to Credit and Reference Bureaus (CRBs), lest they themselves clear the loans.
Data Protection Commissioner Immaculate Kassait however notes that such acts are illegal since the lending firms only agreed to disburse funds to loan applicants and not their family or friends.
“Why should they call people who have never asked them for money? They should deal with their clients and not people related to the clients,” Kassait said in an interview with the Nation.
The development comes after Mulla Pride Ltd, a digital credit provider (DCP) that operates as KeCredit and Faircash mobile lending apps, was fined Ksh.2.98 million for sharing the contact information and names of loan applicants with third parties.
In October 2022, the Office of the Data Protection Commission (ODPC) flagged 40 Digital Digital Credit Providers (DCPs) over suspected personal data breaches.
A data breach exposes confidential, sensitive, or protected information to unauthorized persons. Files in a data breach can also be viewed or shared without permission.
The 40 digital lenders were set to undergo a preliminary documentary assessment after complaints were raised by members of public over the processing of personal data.