MOMBASA, Kenya – Reachout Centre Trust (RCT) an anti-drug organisation has stepped up efforts to strengthen confidentiality and ethical service delivery by training its staff and outreach workers on data protection and privacy following its accreditation by the Office of the Data Protection Commissioner (ODPC).
The training equipped frontline personnel with practical knowledge on the responsible collection, storage, processing and sharing of personal information in compliance with Kenya’s Data Protection Act, 2019. Participants drawn from the Data, Communication, Advocacy and Health were also taken through the principles of informed consent, secure record management and the legal responsibilities that come with handling sensitive health information.
Speaking during the training, Reachout Centre Trust Executive Director Taib Abdulrahman said organisations working with people recovering from substance use disorders have a duty to establish clear policies and procedures that protect the privacy of those seeking help.
He said outreach workers often receive highly sensitive personal information from clients during counselling sessions, home visits and community outreach programmes, making confidentiality a critical component of quality care.
“Many of the people we serve share deeply personal information about their health, family situations and recovery journeys. That information belongs to the client—not to Reachout Centre Trust or to any member of staff. It must never be shared with anyone unless the client has freely given written consent or where disclosure is permitted under the law,” Abdulrahman said.
He noted that the training was intended to ensure all staff understand their responsibilities when handling personal data, whether they are conducting outreach in the community or serving clients at the organisation’s facilities.
“Our responsibility extends beyond offering treatment and psychosocial support. We must also protect the dignity, privacy and rights of every individual who entrusts us with their personal information. Strong internal policies and continuous staff training are essential in ensuring that confidentiality is maintained at every stage of service delivery,” he added.
Under Kenya’s Data Protection Act, 2019, organisations that collect or process personal information must do so lawfully, fairly and transparently. Personal data should only be collected for specified purposes, kept securely and disclosed only with the data subject’s consent or where the law expressly permits. The Act gives every individual the right to know how their information is used, to access it, request corrections where necessary and object to unlawful processing.
The law also provides significant penalties for misuse of personal data. Depending on the nature of the breach, organisations may face administrative fines of up to Sh5 million or one per cent of their annual turnover, whichever is lower, while certain offences may attract criminal penalties, including fines of up to Sh3 million, imprisonment for up to 10 years, or both.
For organisations supporting people recovering from substance use disorders, adherence to these standards is not only a legal obligation but also a vital safeguard against stigma, discrimination and loss of trust. By strengthening the capacity of its outreach workers, Reachout Centre Trust says it is reinforcing a culture where confidentiality remains central to recovery, dignity and person-centred care.
