International Research Journal of Business and Strategic Management

Internet Service Providers (ISPs) in Kenya face increasing scrutiny regarding their compliance with the Data Protection Act (DPA) of 2019 due to the rapid growth of digital technologies and the resulting accumulation of personal data. Although Kenya has a well-established legal framework for data protection, most ISPs encounter operational, technical, and resource-related challenges that hinder full compliance. The study was anchored on Privacy Theory and the Resource-Based View to explain how organizational behavior, system effectiveness, privacy considerations, and internal resources influence the implementation of data privacy regulations. The study adopted a descriptive survey research design targeting ISP employees and customers in Nairobi City County, Kenya. The target population comprised 1,542,303 respondents, from which a sample size of 384 was determined using the Krejcie–Morgan formula. Data were collected using structured questionnaires and interview guides. Both descriptive and inferential statistical analyses were conducted using SPSS version 25. The findings revealed strong and statistically significant positive correlations between data management practices and the implementation of data privacy regulations. Specifically, Data Processing (r = 0.751) and Data Resources (r = 0.799) were all significantly associated with regulatory compliance (p < 0.001). The multiple regression revealed that a combination of these variables explained 89.8% of changes in the actual enforcement of data privacy regulations. Data Processing was the most influential (Beta= 0.498), followed by Data Resources (Beta = 0.209). The paper concludes that effective and integrated data management practices play a vital role in improving adherence to the data privacy regulation among the ISPs in Kenya. Compliance, reduced data breach, and customer trust are higher in those ISPs that invest in secure infrastructure, staff training and regulatory-compliant processes. The research suggests specific training of the ISP staff and enhancing the cooperation of ISPs with the Office of the Data Protection Commissioner. Moreover, compliance and preservation of user data in the highly dynamic digital landscape within the Kenyan context require constant supervision, capacity-building efforts, and the adoption of new advanced technologies.

Keywords: Information Security, Regulatory Compliance, Data Processing, Organizational Resources, Consumer Data Protection

Ademi, D. (2024). Digital Rights: A Critical Analysis of the Status of Online Freedom Of Expression In Kenya.

Ahmed, W., Shahzad, F., Javed, A. R., Iqbal, F., & Ali, L. (2021, April). Whatsapp network forensics: Discovering the IP addresses of suspects. In 2021 11th IFIP International Conference on New Technologies, Mobility and Security (NTMS) (pp. 1-7). IEEE.

Akanfe, O., Valecha, R., & Rao, H. R. (2020). Assessing country-level privacy risk for digital payment systems. Computers & Security, 99, 102065.

Barasa, F. A. (2023). The Congruence of International Laws and Kenyan Laws about International Online Trade (Doctoral dissertation, University of Nairobi).

Bock, K., Kühne, C. R., Mühlhoff, R., Ost, M. R., Pohle, J., & Rehak, R. (2021). Data protection impact assessment for the Corona app. arXiv preprint arXiv:2101.07292.

Cooray, M. A., Ahmad Rajuhan, I. S. B., & Binti Adnan, W. N. A. (2023). Industry approaches in handling online exploitation of children: A comparative study of the policy, guidelines and best practices in Malaysia, Singapore and Australia. Cogent Social Sciences, 9(2), 2241713.

Erforth, B., & Martin-Shields, C. (2022). Where privacy meets politics: EU–Kenya cooperation in data protection. In Africa–Europe Cooperation and Digital Transformation (pp. 142-155). Routledge.

Fernandez Nieto, G. M., Kitto, K., Buckingham Shum, S., & Martinez-Maldonado, R. (2022, March). Beyond the learning analytics dashboard: Alternative ways to communicate student data insights combining visualisation, narrative and storytelling. In LAK22: 12th international learning analytics and knowledge conference (pp. 219-229).

Florido-Benítez, L. (2024). The cybersecurity applied by online travel agencies and hotels to protect users’ private data in smart cities. Smart Cities, 7(1), 475-495.

Garcia, H. B. (2024). Mitigating Information Asymmetry in the 5G Era: unveiling practices that restrict users' Internet access.

Hartzog, W., & Richards, N. (2020). Privacy's constitutional moment and the limits of data protection. BCL Rev., 61, 1687.

Hersi, M. (2022). Challenges Affecting Adoption of Big Data Analytics in Telecommunication Firms in Kenya (Doctoral dissertation, University of Nairobi).

Ibrahim, A., Thiruvady, D., Schneider, J. G., & Abdelrazek, M. (2020). The challenges of leveraging threat intelligence to stop data breaches. Frontiers in Computer Science, 2, 36.

Juma, C. W. (2022). Examining Nairobi Internet Users’ Attitudes Towards Newspaper Paywalls in Kenya (Doctoral dissertation, University of Nairobi).

Kabata, V., & Garaba, F. (2020). The legal and regulatory framework supporting the implementation of the Access to Information Act in Kenya. Information Development, 36(3), 354-368.

Karale, A. (2021). The challenges of IoT address security, ethics, privacy, and laws. Internet of Things, 15, 100420.

Kim, J. H. (2019). Multicollinearity and misleading statistical results. Korean Journal of Anesthesiology, 72(6), 558-569.

Krejcie, R. V., & Morgan, D. W. (1970). Determining sample size for research activities. Educational and Psychological Measurement, 30(3), 607–610.

Krishnamurthi, R., Gopinathan, D., & Kumar, A. (2021). Wearable devices and COVID-19: state of the art, framework, and challenges. Emerging Technologies for Battling Covid-19: Applications and Innovations, 157-180.

Kuner, C., Bygrave, L., Docksey, C., & Drechsler, L. (2020). The EU general data protection regulation: a commentary. Oxford University Press. Available at: https://global. oup. Com/academic/product/the-eu-general-data-protection-regulation-gdpr-9780198826491.

Lancieri, F. (2022). Narrowing data protection's enforcement gap. Me. L. Rev., 74, 15.

Laurer, M., & Seidl, T. (2021). Regulating the European data?driven economy: A case study on the general data protection regulation. Policy & Internet, 13(2), 257-277.

Liyanaarachchi, G., Deshpande, S., & Weaven, S. (2021). Market-oriented corporate digital responsibility to manage data vulnerability in online banking. International Journal of Bank Marketing, 39(4), 571-591.

Maina, D. K. (2021). The Learning Curve: An exploration of the digital literacy dimension to ISPs (Doctoral dissertation, Massachusetts Institute of Technology).

Mukuki, A., & Assenga, A. (2024). Comparative study of data protection legislation frameworks across the East African community. D4D ACCESS.

Munyendo, C. W., Acar, Y., & Aviv, A. J. (2023, May). "In Eighty Percent of the Cases, I Select the Password for Them": Security and Privacy Challenges, Advice, and Opportunities at Cybercafes in Kenya. In 2023 IEEE Symposium on Security and Privacy (SP) (pp. 570-587). IEEE.

Musole, T. M., & Rwabashi, J. P. M. (2021). Digital surveillance and privacy in DRC: Balancing national security and personal data protection.

Mutua, S. N. (2023). Exploring Public Perceptions towards Online Content Regulation in Kenya. Multidisciplinary Journal of Technical University of Mombasa, 2(2), 37-51.

Nairobi City County. (2023). County annual development plan (CADP) 2023/2024. Nairobi City County Government.

Okesola, J. O., Adebiyi, M., Osi-Okeke, T., Adewale, A., & Adebiyi, A. (2020). Internet service providers' responsibilities in botnet mitigation: a Nigerian perspective. International Journal of Electrical and Computer Engineering, 10(4), 4168.

Portney, B. A., Arad, M., Gupta, A., Brown, R. A., Khatri, R., Lin, P. N., ... & Zalzman, M. (2020). ZSCAN4 facilitates chromatin remodeling and promotes the cancer stem cell phenotype. Oncogene, 39(26), 4970-4982.

Singh, A., & Shanker, N. (2024). Examining the Role of Internet Service Providers in Cyberspace: A Comparative Analysis of the Current Legal Landscape in India and the USA. Educational Administration: Theory and Practice, 30(5), 7377-7390.

Story, D. A., & Tait, A. R. (2019). Survey research. Anesthesiology, 130(2), 192-202.

Tosza, S. (2021). Internet service providers as law enforcers and adjudicators. A public role of private actors. Computer law & security review, 43, 105614.

Wanekeya, E. (2023). Effectiveness of Domestic Data Protection Laws in African Countries: A Case Study of the Data Protection Law in Kenya (Doctoral dissertation, University of Nairobi).

Zichichi, M., Ferretti, S., D’Angelo, G., & Rodríguez-Doncel, V. (2022). Data governance through a multi-Cloud architecture in view of the gdpr. Cluster Computing, 25(6), 4515-4542.

Ziwa, C. (2021). The Effectiveness of Legal Framework on Personal Data Protection in E-Commerce in Kenya. Available at SSRN 4403156.

Kröger, J. L., Miceli, M., & Müller, F. (2021). How data can be used against people: A classification of personal data misuses. Available at SSRN 3887097.