OpenCHSai Data Security and Privacy Protection Policy
Harnessing AI Capabilities for the Protection of Children in Kenya, Uganda
TABLE OF CONTENTS
- 1. INTRODUCTION
- 2. EXECUTIVE SUMMARY
- 3. POLICY STATEMENT
- 4. ETHICAL PRINCIPLES
- 5. DEFINITIONS
- 6. LEGAL AND REGULATORY COMPLIANCE
- 7. DATA GOVERNANCE FRAMEWORK
- 8. DATA COLLECTION PRINCIPLES
- 9. SPECIAL CONSIDERATIONS FOR CHILDREN’S DATA
- 10. DATA PROCESSING ACTIVITIES
- 11. DATA QUALITY AND INTEGRITY
- 12. DATA SECURITY CONTROLS
- 13. DATA RETENTION AND DISPOSAL
- 14. DATA SUBJECT RIGHTS
- 15. DATA SHARING AND DISCLOSURE
- 16. AI ETHICS AND ALGORITHMIC TRANSPARENCY
- 17. INCIDENT RESPONSE AND DATA BREACH MANAGEMENT
- 18. TRAINING AND AWARENESS
- 19. MONITORING, AUDITING, AND REVIEW
- 20. ENFORCEMENT AND DISCIPLINARY ACTIONS
- 21. APPENDICES
1. INTRODUCTION
OpenCHSai was conceived as a collaborative effort between BITZ IT Consulting Ltd and the Governments of Kenya and Uganda to improve the responsiveness, accuracy, and integrity of child welfare interventions. By leveraging advanced artificial intelligence capabilities such as speech recognition, multilingual natural language processing, and predictive case triaging, the tool has the potential to significantly strengthen frontline child protection services in Kenya, Uganda, and across the region.
However, BITZ recognizes that the very technologies that enable progress also introduce risks, particularly for vulnerable groups such as children, families in crisis, and marginalized communities. These risks may include data breaches, algorithmic bias, or privacy violations, each of which could undermine the public’s trust and the tool’s effectiveness.
This policy has therefore been developed to serve a dual purpose: to ensure strict compliance with applicable data protection laws and international standards, and to embed ethical safeguards that anticipate and address emerging challenges in the use of AI for social services.
The document provides a comprehensive framework for how BITZ collects, processes, secures, shares, and deletes sensitive personal data in accordance with regional legal requirements and global best practices. It also introduces a set of ethical principles that reinforce BITZ’s responsibility to act in the best interests of children, respect the autonomy of data subjects, and ensure that any harm, intentional or accidental, is mitigated swiftly and transparently.
By articulating these commitments clearly, BITZ aims to foster a shared understanding among stakeholders, including governments, service providers, civil society organizations, and the communities they serve, about how data is responsibly handled in the collective pursuit of child safety and protection.
2. EXECUTIVE SUMMARY
This Data Security and Privacy Protection Policy outlines the ethical, legal, and technical commitments of BITZ IT Consulting Ltd in its role as the Data Processor for OpenCHSai, an AI-powered child abuse reporting tool, developed in partnership with the Governments of Kenya and Uganda. The tool is designed to enhance child welfare outcomes by enabling timely, accurate, and secure reporting of child protection concerns, while upholding the highest standards in data handling and human rights.
The policy affirms BITZ’s responsibilities under Kenya’s Data Protection Act (2019), Uganda’s Data Protection and Privacy Act (2019), the General Data Protection Regulation (GDPR), and HIPAA-aligned best practices. It also acknowledges the unique vulnerabilities of children and reflects international child safeguarding principles through both its operational and ethical frameworks.
Key components of the policy include:
- A Data Governance Framework that clearly delineates the roles and responsibilities of Data Controllers (the respective governments), BITZ (Data Processor), and any third-party vendors, supported by the appointment of a qualified Data Protection Officer (DPO).
- Privacy-by-design mechanisms such as data minimization, informed consent protocols, encryption, pseudonymization, and rigorous access controls across technical, physical, and organizational domains.
- Clearly defined procedures for data collection, processing, quality control, retention, and disposal, ensuring accuracy, transparency, and accountability throughout the data lifecycle.
- AI-specific governance, including fairness audits, explainability protocols, human-in-the-loop decision making, and bias mitigation strategies to protect against discrimination and unwarranted automated decisions.
- A robust incident response framework requiring breach notification within 24 hours and clear cooperation mandates with regulatory authorities.
- Commitments to ongoing training, audit, policy review, and community engagement to ensure continued effectiveness, legal alignment, and trust-building with stakeholders.
BITZ affirms that the protection of children's rights, data ethics, and institutional accountability are not mere add-ons, but foundational to the development, deployment, and management of all technology systems within this partnership.
3. POLICY STATEMENT
BITZ IT Consulting Ltd (“BITZ”) is dedicated to safeguarding the confidentiality, integrity, and availability of data processed through the OpenCHSai system. This policy affirms BITZ’s commitment to:
i) Protecting the rights and dignity of children and other vulnerable individuals.
ii) Complying with the Kenya Data Protection Act (2019), Uganda Data Protection and Privacy Act (2019), GDPR, and HIPAA-aligned best practices.
iii) Designing ethical, transparent, and accountable AI systems grounded in fundamental human rights, data ethics, and inclusive social impact.
BITZ acknowledges that compliance alone is not enough. Rather, robust ethical principles, covered in section 4, guide how BITZ interprets and upholds this commitment in complex and evolving real-world contexts.
4. ETHICAL PRINCIPLES
BITZ recognizes that responsible data governance in child protection is a moral as well as a legal responsibility. In all its work, BITZ embraces the following ethical principles:
i) Promote Human Well-being and Equity: BITZ applies its technical expertise to reduce harm, protect children, and promote the well-being of underserved populations. Special attention is given to the needs of vulnerable groups, ensuring tools are accessible, culturally responsive, and grounded in fairness across gender, region, language, and ability.
ii) Avoid Harm: BITZ implements safeguards to mitigate risks such as over-reporting, algorithmic bias, or community-level stigma. In the event of unintentional harm, BITZ is committed to corrective action, transparency, and learning. Harms are never taken lightly, even when indirect or unintended.
iii) Respect Privacy and Autonomy: BITZ handles personal data with the utmost sensitivity, employing privacy-by-design principles. Only data necessary to protect children is collected, and measures such as anonymization and pseudonymization help safeguard individual autonomy. Informed engagement is prioritized wherever feasible.
iv) Be Fair, Non-Discriminatory, and Inclusive: BITZ actively avoids technologies or practices that could entrench inequality. AI systems are audited for fairness, and human-in-the-loop design ensures that marginalized voices are not overshadowed by automation. The goal is to build trust across diverse communities.
v) Practice Transparency and Accountability: BITZ makes its system logic and limitations open to scrutiny by government partners and civil society. AI model behavior, risk thresholds, and decisions are documented to allow for meaningful oversight. Ethical integrity and professional honesty are hallmarks of BITZ's approach.
Together, these ethical principles serve as a guide for BITZ, ensuring that every aspect of the OpenCHSai system not only complies with the law but aligns with values of justice, humanity, and respect for the rights of every child.
5. DEFINITIONS
i) Personal Data: Any information relating to an identified or identifiable natural person.
ii) Sensitive Personal Data: Includes data revealing the identity of a child or children, or their health, biometrics, ethnicity, location, or other personally identifiable attributes.
iii) Data Controller: Governments of Kenya and Uganda, or their designated authorities or agents.
iv) Data Processor: BITZ IT Consulting Ltd.
v) Anonymization: Irreversible removal of identifying information.
vi) Pseudonymization: Substitution of identifying fields with coded references.
vii) Data Breach: Any unauthorized or accidental access, disclosure, or loss of data.
viii) Child: A person described as a child in the country of the reported incident and/or the country of which the victim is a citizen.
ix) Data Privacy: Compliance with data protection laws, with a focus on how data is collected, processed, shared, archived, and deleted.
x) Data Security: Measures that BITZ and its partners shall take to prevent unauthorized access by staff or any third party.
6. LEGAL AND REGULATORY COMPLIANCE
BITZ shall comply with:
i) Kenya’s Data Protection Act, 2019.
ii) Uganda’s Data Protection and Privacy Act, 2019.
iii) General Data Protection Regulation (GDPR), where applicable.
iv) HIPAA principles, as applied to the handling of sensitive information.
v) Obligations under project-specific MOUs and contracts.
7. DATA GOVERNANCE FRAMEWORK
i) Data Controllers: The Governments of Kenya and Uganda, or their designated authorities or agents, serve as the Data Controllers. They retain full ownership of all personal and sensitive data collected through the OpenCHSai. As Controllers, they are responsible for determining the lawful basis, purposes, and means of data processing. This includes defining the scope of data collection, approving processing activities, and ensuring that all data handling aligns with applicable legal and ethical standards. They are also accountable for ensuring that data subjects’ rights are upheld and that appropriate oversight mechanisms, such as audits and compliance reviews, are in place.
ii) BITZ (Data Processor): BITZ IT Consulting Ltd acts as the Data Processor and is contractually bound to process data solely on documented instructions from the Data Controllers. BITZ does not determine the purposes or legal basis for processing but is responsible for implementing robust technical and organizational measures to ensure data confidentiality, integrity, and availability. This includes applying encryption, access controls, anonymization techniques, and secure data handling protocols. BITZ maintains detailed records of processing activities and supports the Controllers in fulfilling their legal obligations, including responding to data subject rights and conducting Data Protection Impact Assessments (DPIAs).
iii) Third Parties: Third-party service providers, such as cloud storage vendors, analytics firms, or language translation services and any others, may only be engaged by BITZ under strict conditions. These include prior written approval from the Data Controllers and the execution of legally binding Data Processing Agreements (DPAs) that clearly define the third party’s responsibilities, data protection obligations, and liability in the event of a breach. All third parties must demonstrate compliance with relevant data protection laws and undergo regular security assessments. BITZ remains fully accountable for ensuring that any third-party engagement does not compromise the security or privacy of the data.
iv) Data Protection Officer (DPO): BITZ shall appoint a qualified and independent Data Protection Officer (DPO) with the authority and resources necessary to oversee compliance with this policy and applicable data protection laws. The DPO will serve as the primary point of contact for data protection inquiries, monitor internal data handling practices, advise on DPIAs, and ensure that privacy-by-design principles are embedded into the OpenCHSai system. The DPO will also coordinate breach response efforts and liaise with the regulatory authorities in Kenya and Uganda, and with those of any future Data Controllers.
8. DATA COLLECTION PRINCIPLES
BITZ shall ensure that all data collection activities adhere to the following foundational principles:
i) Lawfulness, Fairness, and Transparency: All personal data shall be collected and processed in a lawful manner, with clear justification under applicable legal frameworks such as the Kenya Data Protection Act, Uganda’s Data Protection and Privacy Act, GDPR and HIPAA. BITZ will ensure fairness by avoiding deceptive or coercive practices and will maintain transparency by providing clear, accessible privacy notices that explain what data is collected, why it is needed, how it will be used, and who it may be shared with.
ii) Data Minimization: BITZ will collect only the minimum amount of personal data necessary to fulfill the specific, pre-defined purposes. This includes limiting the scope of data fields, avoiding unnecessary identifiers, and regularly reviewing data collection forms and pipelines to eliminate redundant or excessive inputs.
iii) Informed Data Collection, with Consent Where Required: Where feasible and legally required, BITZ will obtain informed, freely given, and specific consent from data subjects or their legal guardians before collecting personal data. Consent mechanisms will be designed to be understandable, accessible, and age-appropriate. In contexts where consent is not required or is not feasible (e.g., urgent child protection interventions), BITZ will ensure that alternative legal bases are clearly documented.
iv) Enhanced Safeguards for Children’s Data: Recognizing the heightened vulnerability of children, BITZ will implement additional safeguards such as high-privacy defaults, age-appropriate language in disclosures, and strict access controls. Data collection interfaces will be designed to minimize the risk of accidental over-disclosure by children or caregivers.
9. SPECIAL CONSIDERATIONS FOR CHILDREN’S DATA
BITZ acknowledges that children merit specific protection under data protection laws due to their limited capacity to understand the implications of data processing. Accordingly, BITZ commits to the following:
i) Best Interest Standard in All Data Processing: All data processing activities involving children shall be guided by the principle of the child’s best interest, as articulated in the UN Convention on the Rights of the Child and reflected in the laws of Kenya and Uganda. BITZ will assess the potential risks and benefits of data use and prioritize the safety, dignity, and well-being of the child above all other considerations.
ii) Minimal Identifying Data Collection: BITZ will avoid collecting directly identifying information (e.g., full names, addresses, school names) unless it is absolutely necessary for the child protection system to mount an adequate emergency response. Where such data is required, it will be subject to strict access controls and promptly anonymized or pseudonymized during processing.
iii) Robust Anonymization and Child-Friendly Processing Design: BITZ will apply a layered anonymization pipeline that includes both automated de-identification and manual review to ensure that children cannot be re-identified from the data. Interfaces and tools will be designed with child-centric usability principles, ensuring that children’s interactions with the system are safe, respectful, and empowering.
10. DATA PROCESSING ACTIVITIES
BITZ shall carry out data processing activities in a secure, ethical, and accountable manner, with safeguards tailored to the sensitivity of the data and the vulnerability of the data subjects:
i) Speech Recognition: Audio recordings from helpline calls will be processed using secure, on-premise or encrypted cloud-based speech recognition systems. All data in transit and at rest will be encrypted using AES-256 or equivalent standards. Manual quality assurance checks will be conducted by trained personnel under strict confidentiality agreements to ensure transcription accuracy and cultural sensitivity.
ii) Natural Language Processing (NLP): NLP models will be used to extract meaning, sentiment, and urgency from multilingual text and speech data. All NLP pipelines will be designed to handle the local dialects and languages spoken in Kenya, Uganda, and any other country in which the system is deployed in future. Data used for training and inference will be anonymized, and processing logs will be maintained to ensure traceability and accountability.
iii) Predictive Analytics for Case Triage: Predictive models will be developed to assist in prioritizing cases based on urgency, risk level, and historical patterns. These models will be trained exclusively on de-identified datasets and will be subject to regular fairness audits to detect and mitigate bias. All high-impact decisions (e.g., flagging a case as high-risk) will be subject to human review before action is taken, ensuring that automated outputs do not override professional judgment.
11. DATA QUALITY AND INTEGRITY
BITZ shall implement rigorous measures to ensure that all data processed through the OpenCHSai system is accurate, reliable, and fit for its intended purpose. This includes:
i) Regular Accuracy Checks: BITZ will conduct scheduled data validation routines to detect and correct inaccuracies, inconsistencies, or anomalies in both raw and processed datasets. These checks will be embedded into the data pipeline and model training workflows.
ii) Error Correction Procedures: A formalized process will be maintained for identifying, logging, and correcting data errors. This includes version control for datasets, rollback mechanisms, and audit trails to ensure traceability of changes.
iii) Transparent Data Transformation Tracking: All data transformations, such as cleaning, normalization, or feature engineering, will be documented in detail. Metadata will be maintained to ensure that data lineage is preserved and that stakeholders can trace how raw data evolves into model-ready inputs.
iv) Bias Assessments in AI Models: BITZ will regularly assess its models for potential biases related to gender, ethnicity, geography, or age. These assessments will include fairness audits, disaggregated performance metrics, and mitigation strategies to ensure equitable outcomes in child protection triage.
12. DATA SECURITY CONTROLS
BITZ shall adopt a multi-layered security framework encompassing technical, physical, and organizational safeguards to protect data confidentiality, integrity, and availability.
12.1 Technical Measures
i) AES-256 Encryption at Rest and in Transit: All personal and sensitive data will be encrypted using Advanced Encryption Standard (AES) with a 256-bit key, both during storage and transmission, to prevent unauthorized access or interception.
ii) Multi-Factor Authentication (MFA): Access to systems handling sensitive data will require MFA, combining passwords with biometric or token-based verification to reduce the risk of credential compromise.
iii) Secure Data Pipelines with API Access Controls: Data ingestion and processing pipelines will be secured using HTTPS, token-based authentication, and role-based API access to ensure that only authorized systems and users can interact with the data.
iv) Continuous Intrusion Monitoring and Threat Assessment: BITZ will deploy intrusion detection systems (IDS), endpoint protection, and real-time monitoring tools to detect, log, and respond to suspicious activities or vulnerabilities.
v) System Access and Activity Logging: The system will record access and activity logs that show who accessed which data, when, and from where, enabling the detection of unauthorized access and data breaches.
12.2 Physical Measures
i) Access-Controlled Offices and Data Centers: Facilities where data is stored or processed will be protected by physical access controls such as biometric scanners, keycard systems, and/or visitor logs, backed by CCTV cameras. Only authorized personnel will be permitted entry.
ii) Backup Systems and Recovery Plans: Regular backups will be maintained in secure, geographically redundant locations. Disaster recovery plans will be tested periodically to ensure rapid restoration of services in the event of data loss or system failure.
12.3 Organizational Measures
i) Mandatory Privacy Training: All BITZ personnel with access to personal data will undergo annual training on data protection laws, ethical handling of sensitive information, and secure system use. New personnel will undergo training before access is granted.
ii) Signed Confidentiality Agreements: Employees, contractors, and third-party partners will be required to sign legally binding confidentiality agreements before accessing any data.
iii) Role-Based Access Only: Access to data and systems will be granted strictly on a need-to-know basis, with permissions aligned to job responsibilities and regularly reviewed for appropriateness.
13. DATA RETENTION AND DISPOSAL
BITZ shall manage data retention and disposal in accordance with legal, ethical, and operational requirements, ensuring that data is not kept longer than necessary and is disposed of securely.
i) Raw Data: Short-Term Storage During Preprocessing: Personally identifiable raw data (e.g., audio recordings, transcripts) will be stored only for the duration required to complete preprocessing and anonymization. Once processed, raw data will be securely deleted.
ii) Anonymized Data Retained for Model Improvement: Anonymized datasets, which no longer contain identifiable information, may be retained for ongoing model training and evaluation, subject to approval by the Data Controllers and periodic review.
iii) Secure Deletion Protocols and Certified Erasure Documentation: BITZ will implement secure deletion methods such as cryptographic wiping or digital shredding. Certificates of erasure will be issued to the Data Controllers upon request or at the end of the retention period.
iv) Retention Aligned with National Legal Timeframes: All data retention schedules will comply with statutory requirements in Kenya and Uganda, and where applicable, international standards such as HIPAA and GDPR’s storage limitation principles.
14. DATA SUBJECT RIGHTS
BITZ shall support the Data Controllers in fulfilling their obligations to uphold the rights of individuals whose data is processed, in accordance with GDPR, HIPAA principles, and local laws.
i) Right of Access and Rectification: Individuals or their legal agents/caregivers have the right to request access to their personal data and to request corrections if the data is inaccurate or incomplete. BITZ will assist the Data Controllers in verifying identity and fulfilling such requests within legally mandated timeframes.
ii) Right to Erasure and Objection: Where applicable, individuals or their legal agents/caregivers may request the deletion of their data or object to its processing. BITZ will ensure that such requests are promptly relayed to the Data Controllers and that processing is suspended pending resolution.
iii) Right to Restriction of Processing: Individuals or their legal agents/caregivers may request that their data be restricted from further processing under certain conditions (e.g., pending verification of accuracy). BITZ will implement technical controls to enforce such restrictions.
iv) Right to Data Portability (Where Feasible): Where technically feasible and legally required, BITZ will support the export of personal data in a structured, commonly used, and machine-readable format to enable portability between systems.
15. DATA SHARING AND DISCLOSURE
BITZ shall ensure that all data sharing and disclosure activities are strictly governed by legal, ethical, and contractual obligations:
i) Limit Sharing to Child Protection Purposes: Data processed through the OpenCHSai shall only be shared with authorized entities for the explicit purpose of enhancing child protection services. Any secondary use, such as research, analytics, or system development, must be pre-approved by the Data Controllers and documented in a data use agreement.
ii) Restrict Third-Party Transfers Without Approval: BITZ shall not disclose or transfer personal or sensitive data to any third party without the prior written consent of the Data Controllers. All third-party engagements must be governed by legally binding Data Processing Agreements (DPAs) that include confidentiality clauses, data protection obligations, and audit rights.
iii) Enforce Cross-Border Data Protection Safeguards: In cases where data must be transferred across national borders, BITZ shall ensure compliance with applicable data transfer mechanisms, such as Standard Contractual Clauses (SCCs), adequacy decisions, or binding corporate rules. BITZ will also assess the legal environment of the recipient country to ensure that data subjects’ rights remain protected.
16. AI ETHICS AND ALGORITHMIC TRANSPARENCY
BITZ is committed to developing and deploying AI systems that are ethical, transparent, and accountable:
i) Proactively Audit for Algorithmic Bias: BITZ shall conduct regular audits of AI models to detect and mitigate algorithmic bias, particularly those that may disproportionately affect vulnerable populations such as children, minorities, or rural communities. These audits will include fairness metrics, disaggregated performance analysis, and stakeholder feedback.
ii) Document Decision Logic and Risk Thresholds: All AI models used for case triage, risk scoring, or prioritization shall be accompanied by detailed documentation outlining the model’s logic, assumptions, training data sources, and decision thresholds. This documentation will be made available to the Data Controllers, their appointed agents and relevant oversight bodies.
iii) Ensure Explainability for Significant AI Decisions: BITZ shall implement explainable AI (XAI) techniques to ensure that significant decisions such as classifying a case as high-risk can be understood and justified by human reviewers. Where full explainability is not technically feasible, BITZ will provide proxy explanations and confidence scores.
iv) Maintain Human-in-the-Loop Protocols: All high-impact decisions generated by AI systems shall be subject to human review before action is taken. BITZ will ensure that trained professionals are empowered to override or contextualize AI outputs, preserving human judgment and accountability in child protection workflows.
17. INCIDENT RESPONSE AND DATA BREACH MANAGEMENT
BITZ shall maintain a robust incident response framework to detect, contain, and remediate data breaches or security incidents:
i) Incident Detection and Escalation Plans: BITZ will implement automated monitoring systems and manual reporting channels to detect anomalies, unauthorized access, or system failures. A designated Incident Response Team (IRT) will be on call to triage and escalate incidents based on severity and impact.
ii) 24-Hour Notification to Data Controllers After Breach: In the event of a confirmed or suspected data breach involving personal or sensitive data, BITZ shall notify the Data Controllers within 24 hours of discovery. The notification will include a description of the breach, affected data categories, potential risks, and immediate containment measures.
iii) Full Cooperation in Investigation and Remediation: BITZ will cooperate fully with the Data Controllers, regulatory authorities, and forensic investigators to identify the root cause, contain the breach, and implement corrective actions. This includes preserving evidence, conducting internal reviews, and supporting public disclosures if required.
iv) Reporting and Documentation of Breach Events: All incidents shall be logged in a breach register, including timelines, actions taken, and lessons learned. Post-incident reviews will be conducted to improve future preparedness and resilience.
18. TRAINING AND AWARENESS
BITZ recognizes that a well-informed workforce is essential to maintaining data security and ethical AI practices:
i) Annual Training on Data Ethics and Child Safeguarding: All personnel involved in data handling, AI development, or child protection services shall undergo mandatory annual training covering data protection laws, ethical AI principles, and child safeguarding protocols. Training content will be tailored to reflect local legal requirements and cultural contexts.
ii) Awareness Initiatives and Refresher Sessions: BITZ will conduct periodic awareness campaigns, workshops, and scenario-based simulations to reinforce key concepts and address emerging threats. Refresher sessions will be scheduled following major policy updates or security incidents.
iii) Training Records for Compliance Tracking: BITZ shall maintain detailed records of all training activities, including attendance logs, training materials, and assessment results. These records will be made available to the Data Controllers and auditors upon request to demonstrate compliance and continuous improvement.
19. MONITORING, AUDITING, AND REVIEW
BITZ shall implement a structured and proactive approach to monitoring, auditing, and reviewing its data protection practices to ensure continuous compliance, accountability, and improvement:
i) Internal and External Audits: BITZ will conduct regular internal audits to assess the effectiveness of its data protection controls, including access management, encryption, anonymization, and AI model governance. These audits will be guided by risk-based criteria and documented in audit reports. Additionally, BITZ shall cooperate fully with external audits initiated by the Data Controllers or independent third parties, providing access to relevant systems, logs, and personnel as required.
ii) Participation in Third-Party Evaluations: BITZ will participate in third-party evaluations or certifications, such as ISO 27001 certification or GDPR readiness assessments, as may be requested by the Data Controllers or required by law. These evaluations will help benchmark BITZ’s practices against international standards and identify areas for enhancement.
iii) Annual Policy Reviews or Earlier if Regulation Changes: This policy shall be reviewed at least once annually to ensure alignment with evolving legal, technological, and operational contexts. In the event of significant regulatory changes, such as amendments to the Kenya Data Protection Act, Uganda’s Data Protection and Privacy Act, GDPR or HIPAA, BITZ will initiate an immediate policy review and update. All revisions will be documented, version-controlled, and communicated to relevant stakeholders.
20. ENFORCEMENT AND DISCIPLINARY ACTIONS
BITZ is committed to upholding the highest standards of data protection and ethical conduct. To that end, violations of this policy, whether intentional or negligent, will be addressed through a fair, transparent, and proportionate disciplinary process:
i) Employee Sanctions: Employees found to have violated data protection protocols, confidentiality agreements, or ethical AI guidelines may be subject to disciplinary measures ranging from formal warnings and retraining to suspension or termination, depending on the severity and intent of the violation. BITZ will ensure that all personnel are aware of these consequences through onboarding and ongoing training.
ii) Contract Suspensions: Contractors, vendors, or third-party service providers who breach their data protection obligations may face immediate suspension or termination of their contracts. BITZ will also report such breaches to the Data Controllers and, where applicable, regulatory authorities.
iii) Legal Action or Regulatory Penalties: In cases involving gross negligence, willful misconduct, or breaches resulting in harm to data subjects, BITZ reserves the right to pursue legal remedies or cooperate with law enforcement and regulatory bodies. This includes reporting incidents to data protection authorities in Kenya, Uganda, or other relevant jurisdictions, and complying with any resulting investigations or enforcement actions.
21. APPENDICES
Appendix 1: Data Processing Inventory
Purpose: A Data Processing Inventory (DPI) is a comprehensive record of all personal data processing activities conducted by BITZ on behalf of the Data Controllers. It is essential for demonstrating accountability under GDPR Article 30 and similar provisions in Kenyan and Ugandan law.
Data Processing Inventory Template
Data Category | Purpose of Processing | Legal Basis | Source | Retention Period | Security Measures | Cross-Border Transfers |
---|---|---|---|---|---|---|
Audio Recordings | Speech recognition and triage | Public interest | Helpline calls | 30 days (raw) | AES-256 encryption, MFA | No |
Transcripts | NLP model training and analysis | Consent | Manual entry | 2 years (anonymized) | Role-based access, audit logs | No |
Case Metadata | Case tracking and prioritization | Legal obligation | Call logs, reports | 5 years | Encrypted storage, access logs | No |
Risk Scores | Predictive triage and escalation | Public interest | AI-generated | 1 year | Pseudonymization, human review | No |
Caller Demographics | Equity monitoring and reporting | Legitimate interest | Online forms, calls | 3 years | Aggregated storage, access limits | No |
Location Data | Emergency response coordination | Vital interest | Caller metadata | 90 days | Geofencing, restricted access | No |
Staff Access Logs | Security auditing and compliance | Legal obligation | System logs | 1 year | Immutable logs, SIEM monitoring | No |
Anonymized NLP Datasets | Model retraining and validation | Legitimate interest | Derived from transcripts | 3 years | De-identified, version-controlled | Yes (if external-hosted cloud) |
Third-Party Reports | Referral and case collaboration | Consent | Partner agencies | 2 years | Encrypted transfer, DPA in place | |
Appendix 2: Retention Schedules
Purpose: Defines how long each category of data is retained and the method of secure disposal. This ensures compliance with data minimization and storage limitation principles under GDPR and local laws.
Data Retention Schedule
Data Type | Retention Period | Trigger Event | Disposal Method | Legal/Operational Justification |
---|---|---|---|---|
Raw Audio Files | 30 days | Completion of preprocessing | Secure deletion (DoD 5220.22-M) | Data minimization; reduce exposure risk |
Anonymized Transcripts | 2 years | Model update or audit cycle | Cryptographic erasure | Model improvement; auditability |
Case Metadata | 5 years | Case closure | Secure deletion with audit log | Legal requirement; case traceability |
Risk Scores (AI Outputs) | 1 year | Case resolution or override | Secure deletion | Operational need; bias monitoring |
Caller Demographics | 3 years | End of reporting cycle | Aggregated and anonymized | Equity analysis; reporting obligations |
Location Data | 90 days | Emergency response closure | Geofenced deletion | Vital interest; privacy protection |
Staff Access Logs | 1 year | Log archival or system upgrade | Immutable log rotation | Security auditing; compliance verification |
Third-Party Reports | 2 years | Referral completion | Secure deletion (contractual terms) | Inter-agency collaboration; legal defensibility |
Anonymized NLP Datasets | 3 years | Model retraining or deprecation | Cryptographic erasure | Continuous learning; reproducibility |
Consent Records | 6 years | Consent withdrawal or expiry | Secure deletion | GDPR/HIPAA compliance; legal audit trail |
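The schedule above is only enforceable if something actually computes, per record, when the clock started (the trigger event, not the collection date) and which disposal method applies. The following is an added illustration, not BITZ's or OpenCHSai's own code: it encodes Appendix 2 as a lookup, computes the disposal due date from the trigger event, and honours a legal hold and a not-yet-triggered record as the two cases that must never be auto-disposed. The `Record` model, the 365-day year and the disposal-method names are assumptions for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from enum import Enum
from typing import Optional


class Disposal(Enum):
    """Disposal methods named in the Appendix 2 schedule."""
    SECURE_DELETE = "secure deletion"
    CRYPTO_ERASE = "cryptographic erasure"
    AGGREGATE_ANONYMIZE = "aggregate and anonymize"
    LOG_ROTATE = "immutable log rotation"


# Retention periods transcribed from Appendix 2. Years are converted to
# 365 days as an assumption for this example; the policy states years.
SCHEDULE = {
    "raw_audio":              (30,      Disposal.SECURE_DELETE),
    "anonymized_transcript":  (2 * 365, Disposal.CRYPTO_ERASE),
    "case_metadata":          (5 * 365, Disposal.SECURE_DELETE),
    "risk_score":             (365,     Disposal.SECURE_DELETE),
    "caller_demographics":    (3 * 365, Disposal.AGGREGATE_ANONYMIZE),
    "location_data":          (90,      Disposal.SECURE_DELETE),
    "staff_access_log":       (365,     Disposal.LOG_ROTATE),
    "third_party_report":     (2 * 365, Disposal.SECURE_DELETE),
    "anonymized_nlp_dataset": (3 * 365, Disposal.CRYPTO_ERASE),
    "consent_record":         (6 * 365, Disposal.SECURE_DELETE),
}


@dataclass
class Record:
    """Hypothetical inventory entry (not the project's data model)."""
    record_id: str
    data_type: str
    # Date the schedule's trigger event occurred (e.g. case closure);
    # None means the trigger has not happened yet, so the clock has not started.
    trigger_date: Optional[date]
    legal_hold: bool = False


def disposal_due(rec: Record, today: date):
    """Return (due, reason, method) for one record on a given day.

    Raises ValueError for a data type with no schedule entry, because an
    unclassified record is a policy gap that must be resolved, not skipped.
    """
    if rec.data_type not in SCHEDULE:
        raise ValueError(f"no retention rule for data type '{rec.data_type}'")
    days, method = SCHEDULE[rec.data_type]
    if rec.legal_hold:
        return False, "legal hold in place", method
    if rec.trigger_date is None:
        return False, "trigger event has not occurred", method
    due_on = rec.trigger_date + timedelta(days=days)
    if today >= due_on:
        return True, f"retention expired on {due_on.isoformat()}", method
    return False, f"retained until {due_on.isoformat()}", method


def disposal_worklist(records, today: date):
    """List of (record_id, disposal method name) due for disposal today."""
    return [
        (rec.record_id, disposal_due(rec, today)[2].value)
        for rec in records
        if disposal_due(rec, today)[0]
    ]


# Constructed sample inventory for the example.
SAMPLE_RECORDS = [
    Record("audio-001", "raw_audio", date(2025, 4, 15)),            # preprocessing done
    Record("loc-002", "location_data", date(2025, 3, 15)),          # response closed
    Record("case-003", "case_metadata", date(2019, 1, 1), True),    # under legal hold
    Record("risk-004", "risk_score", None),                         # case still open
]

if __name__ == "__main__":
    for item in disposal_worklist(SAMPLE_RECORDS, date(2025, 6, 1)):
        print(item)
```

Running the block on 1 June 2025 lists only the raw audio file: the 30 days since preprocessing have elapsed, whereas the location record is still inside its 90-day window, the held case is exempt, and the open case's risk score has no started clock. Wiring the worklist into an audit log, rather than deleting directly, keeps the "secure deletion with audit log" requirement of the schedule satisfied.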
Appendix 3: Contact Information for Data Protection Authorities (DPAs)
Purpose: Provides direct contact details for the relevant regulatory bodies in all relevant jurisdictions to facilitate reporting, consultation, or complaint resolution.
Contacts for Relevant Jurisdictions in 2025:
Country | Authority Name | Website | Email | Phone |
---|---|---|---|---|
Kenya | Office of the Data Protection Commissioner (ODPC) | odpc.go.ke | info@odpc.go.ke | +254 20 331 7586 |
Uganda | Personal Data Protection Office (PDPO) | pdpo.go.ug | info@pdpo.go.ug | +256 414 705 500 |
Appendix 4: Data Protection Impact Assessment (DPIA) Template
Purpose: BITZ shall conduct a DPIA for all high-risk data processing activities, particularly those involving automated decision-making, sensitive child data, or cross-border transfers. By following the template below, BITZ ensures legal compliance, ethical alignment, and evidence of accountability, while prioritizing children’s rights, well-being, and systemic fairness. The template contains the following sections:
1. Project Overview
Describe the system, purpose, and stakeholders.
- Project Name:
- Description: Summarize the feature, dataset, model, or partnership.
- Purpose: What service, outcome, or intervention is this enabling?
- Stakeholders: BITZ teams, data controllers, community partners, third parties.
- Target Population: Indicate if children, vulnerable groups, or specific demographics are affected.
2. Necessity & Proportionality Assessment
In consideration of the data operation objective:
- Is the data processing necessary to achieve the stated purpose?
- Could the outcome be achieved with less data or lower-risk techniques?
- What are the least intrusive means available, and have they been considered?
3. Data Flow Mapping
Include a visual or tabular representation of the data lifecycle.
Stage | Actor | Data Type | Processing Activity | Tool/Platform |
---|---|---|---|---|
Ingestion | Helpline agent | Audio, metadata | Call intake | Custom IVR platform |
Transcription | NLP module | Speech, timestamp | Speech-to-text | Azure Cognitive Services |
Risk Scoring | ML model | Text, metadata | Predictive classification | Custom triage engine |
Review | Case officer | Risk score, transcript | Human decision and escalation | Internal dashboard |
Storage/Retention | BITZ backend | Anonymized transcript, logs | Encrypted storage, audit logging | AWS GovCloud (restricted) |
4. Risk Assessment
Identify risks to rights and freedoms of data subjects in terms of impact and likelihood:
Risk | Risk Type | Likelihood | Impact | Description |
---|---|---|---|---|
Re-identification from metadata | Privacy | Medium | High | Location + timestamps might re-link to identity |
Bias in case prioritization for minorities | Algorithmic discrimination | Medium | High | Uneven risk scores due to training data imbalance |
Unauthorized staff access | Security | Low | Medium | Role-based access might not be sufficiently granular |
Poor understanding of AI triage decisions | Transparency | High | Medium | End users may not understand model outputs |
5. Mitigation Measures
Describe technical and organizational safeguards for each identified risk:
Risk | Safeguards Implemented | Responsible Role |
---|---|---|
Re-identification from metadata | Geofencing, pseudonymization, deletion after 90 days | Security Lead |
Bias in prioritization | Diverse training dataset, fairness audits, human-in-the-loop for overrides | AI Governance Team |
Unauthorized staff access | Tiered RBAC, annual access audits, anomaly detection | IT Administrator |
Transparency of AI decisions | Risk score explanations, model cards, override logs | Product Lead |
6. Children’s Rights Impact Lens
- Does the system act in the best interests of the child?
- Is the tool age-appropriate, empowering, and respectful?
- Might it unintentionally stigmatize or expose vulnerable youth?
- Has consideration been given to equity across gender, geography, or disability?
7. Consultation Summary
Record input from the DPO, stakeholders, or regulators.
- DPO Review Date:
- Consulted Parties: Internal ethics teams, external experts, Data Controllers, civil society, front-line service workers, others.
- Summary of feedback received and how it was incorporated into design and safeguards.
8. Outcome and Sign-Off
Final risk rating and approval by responsible parties.
Risk Rating (Residual) | ☐ Low ☐ Medium ☐ High ☐ Not acceptable |
---|---|
Decision | ☐ Proceed ☐ Proceed with conditions ☐ Re-design required |
Sign-Off | Name: Position: Date: |
Conditions, if any: