Information Security Challenges in the Absence of ICT in Protecting Personal and Organisational Data in Nairobi County, Kenya

. There have been several cases of lost documents and misplaced or inaccurate information belonging to individuals or organisations reported in recent times at global, national and regional levels. Nairobi county is one of the regions on the spot as many people travelling or working in the city have reported lost identification documents such as certificates and licenses, whether through criminality or negligence. Furthermore, most businesses and organisations dealing with huge volumes of data need help to protect and provide accurate information. Many still need help with the pre-digital data management systems, thus risking the loss of both personal and organisational data. This paper, therefore, sought to examine the information security challenges due to the inadequate application of ICT in managing personal and corporate data and their implications on individuals and organisations in Nairobi County. The target population included employees from Kenya Revenue Authority and Kenya Data Networks in Nairobi headquarters offices, police officers deployed at NPS offices headquarters and members of the public. The selected target groups were known to deal with enormous data for both personnel and businesses, and the police officers were part of this study because of their mandate to help in tracking lost personal and business documents. Lastly, the researcher engaged members of the public to share their experiences of losing business and personal records. The study employed purposive and simple random sampling techniques to select the required sample of 110 participants drawn from the four groups. A structured questionnaire was administered to the sampled police officers, employees of Kenya Data Network and Kenya Revenue Authority and members of the public. The researchers interviewed key informants from the three organisations, NPS, KRA and KDA, to complement the data collected using the questionnaires. The findings established that challenges were associated with the need for more ICT in managing personal information and organisational data. Further, the paper revealed that the need for an integrated system is a challenge to tracking missing identities or verifying the validity of provided information, thus compromising the productivity and security of businesses and institutions. Results from this study provide a solution to tracking any missing documents and correcting inaccurate personal data by adopting an integrated ICT system.


INTRODUCTION
Many scholars argue that information technology is the most potent tool governments and organisations use to promote data and security policy, ranging from taxation and border control to the payment of welfare benefits and other forms of social security.In recent years, through modern technology, information management has continually received increasing support and attention across the globe as governments and private sectors embrace information & communication technologies in managing their corporate data [8].States of the West have invested heavily in research and development to bring more advanced technologies.As a result, this has increased the free flow of public information and sharing crucial information among government agencies has been a fundamental component that many citizens use to make informed and timely decisions [9].
Previous studies conducted to compare the data management systems used during the pre-digital era (traditional) to the modern world indicated that new technologies have been developed.The author [2] pointed out that conventional settings did not combine the strengths of tape and disks with policy-based and automated management of the various targets.Thus, personal data was easily misplaced and could not be accessible when needed in future.
International and national security have been threatening to call for the new development of databases to save the nations from related attacks urgently.For example, in the United Kingdom, the government introduced a biometricbased national identity card for the UK population in 2006.This intervention aimed at helping security agencies to track down lost documents and identities of citizens through verification of personal data as indicated on the cards.This formed an extensive, effectively centralised database (the National Identity Register) for all UK citizens above 16 years old.In addition, the invented register provided an audit trail of an individual's identity registration [11].In Africa, most countries have focused on improving their citizens' quality of life by providing good governance and promoting the economy.As a result, in recent years, technology has immensely contributed to the transformation in these critical areas [25].However, despite the tremendous efforts and resources allocated for development, more progress has yet to be made.Many African countries have yet to come close to developing and transforming their societies to the same standards as developed countries.According to [25], almost three-quarters of Africa are yet to implement electronic document management systems effectively.This has, however, resulted in many cases of identity document theft, loss of identity cards, and inaccuracy in filling out data regarding individuals has been rampant.In Kenya, most operations have embraced modern technologies resulting in increased development in various sectors [24].However, a report published by [25] pointed out that private and public sectors still needed to develop a comprehensive database that could provide adequate and meaningful information to the citizens.Author [24] established that traditional data management constituted non-electronic media analogue technology such as radio, television, fixed-line telephones, facsimiles machines, and print media.According to these findings by [24], traditional data processing and protection platforms relied on something other than modern features such as automation, unified policies, or a single pane of glass to view, protect, and recover datasets from edge-to-core to cloud.These findings were echoed by [20], who observed that IT organisations had tactically added multiple redundant point solutions over the years to overcome individual problems.This amplified the complexities in traditional data centre environments, added risks and increased costs.
The author [15] identified the struggle of most agencies that deal with enormous amounts of data, such as Kenya Data Network (KDN) and Kenya Revenue Authority (KRA), due to failed database systems.In addition, more complaints have been recorded by the public day in and day out that documents are lost without a trace.Both personal and organisational data needed to be adequately secured, leading to data leakage, disappearance and damage.This has affected service delivery, corporate production, and employee performance and is a national security threat [15].In addition, a report done in 2021 by International Data Corporation (IDC) showed that 65% of large organisations had put more than 9.5% of IT budgets on data protection compared with 17% recorded in 2019.As a result, IDC advised that tighter integration of storage, data protection and applications could enhance automation, orchestration and consistency.As a country, Kenya has been faced with data protection and therefore calling for government interventions to help the country rise above the information security challenges.This has been evident in developed countries that have integrated new technologies in data management systems to enhance data analysis, information retrieval and data loss prevention.This paper identified the challenges individuals and organisations go through in the event of data loss; as presented by previous studies, Kenyan institutions still need to work on manual data management systems due to a lack of adequate ICT integration.This resulted in an information itch that has affected national growth and slowed the efforts toward achieving Kenya Vision 2030.Therefore, this study sought to evaluate the information security challenges caused by the unavailability of Information Communication Technology (ICT) in protecting personal and organisational data in Nairobi County.

METHODOLOGY
The study adopted the descriptive survey design to enable the researcher to gather information, interpret, summarise, and present for clarity.This research design allowed the researcher to determine information security challenges in the absence of ICT in managing personal data in Nairobi County, Kenya.
The target population included all the employees of Kenya Revenue Authority and Kenya Data Networks in Nairobi headquarters offices, police officers deployed at NPS offices headquarters, and members of the public.The study targeted these institutions, for they were known to deal with enormous amounts of data for both personnel and businesses.The police officers were part of this study because of their mandate to help track lost personal and business documents.Lastly, the researcher engaged members of the public to share their experiences of losing business and personal records.The accessible population was 35 employees of Kenya Revenue Authority and 30 employees from Kenya Data Networks in Nairobi headquarters offices, 20 police officers deployed at NPS offices headquarters and 25 members of the public, totalling 110 participants.
The study employed purposive and simple random sampling techniques to select the required sample from the target population of 110 participants drawn from the study's four groups: the employees of Kenya Revenue Authority and Kenya Data Networks in Nairobi headquarters offices.Police officers deployed at NPS offices headquarters and members of the public.
Primary data was collected using a selfadministered structured questionnaire administered to the sampled police officers, employees of Kenya Data Network and Kenya Revenue Authority and members of the public.The interview guide was used to conduct interviews with a key informant from the three organisations, NPS, KRA and KDA, to complement the data collected using the questionnaires.Three critical informants from top-level management of the organisations were interviewed, one from each.
Secondary data was extracted from the police Occurrence Book records.Qualitative data were analysed using thematic analysis, while quantitative data was analysed using descriptive and inferential statistics.Relevant ethical considerations were observed, such as obtaining authoris-ing documents from relevant institutions and ensuring privacy, confidentiality and anonymity measures were in place.Lastly, data collected from the field was scrutinised and processed to ensure proper data management.

RESULTS AND DISCUSSION
The initial sample consisted of 110 participants.However, only 90 questionnaires were filled out and returned, while 20 were not received even after follow-up.The completed and returned questionnaires yielded a response rate of 81.8%.
In addition, the study conducted interviews with a key informant from each of the three organisations, NPS, KRA and KDA, to complement the data collected using the questionnaires.
The study examined the three vital demographic variables of the respondents, which included; gender, age and duration of employment.
The results revealed that male respondents formed the most significant portion of the sample size, 55.6%, while females were 44.4% of the respondents.Regarding age, the majority, 48% of the respondents, were aged between 26 and 35.Lastly, regarding the duration of employment, the study findings established that the majority (65%) had worked in these organisations for 1 to 2 years.
In examining the information security challenges due to inadequate usage of ICT in managing data, the researcher interrogated the following subthemes: Experience of data loss/ lost items, accessibility of ICT and indicators of unavailability of ICT for data management.
The researcher wanted to know the type of items the respondents had lost, whom or what caused the loss, and what impact the loss had on a person or organisation.The results were illustrated as sub-themes below: The researcher asked the respondents whether they had ever lost their items.The responses are illustrated in Figure 1.
The study results showed that the majority, 89% of respondents, had experienced the loss of their documents, while only 11% of the respondents did not.

Figure 1 -Knowledge of lost items
Under this sub-theme, the study sought to describe who or what causes the loss of items belonging to an individual or organisation.The responses are illustrated in Table 1.

Cause
Frequency % Misplacing an item/document 25 23 Having a more portable item (you have to move around with it) 25 23 When a thing is not recognisable 15 14 Shared items/documents with colleagues not well documented 15 14 When a third party borrows/uses an item and fails to return it to its location 15 14 Usage of the thing by many persons 15 14 Total 110 100 Under this theme, the researcher asked the respondents whether losing an item or document influenced their lives and the organisation's performance.Findings from the interviews showed that most respondents indicated that they would spend so much time looking for lost items/documents, and retrieving items was a time wastage that could be spent on work.The participants expressed added pressure to their already busy schedule, resulting in stress during work hours and even overtime.
Furthermore, it can evoke annoyance and irritation that are sometimes involuntarily transferred to colleagues and clients.The participants expressed that having to look for items makes them feel guilty towards their clients, especially when they experience discomfort.Pain can be having to wait (for instance, waiting for a patient hoist to arrive) or not being able to communicate properly because they are without dentures, glasses or hearing aids.Some participants mentioned that they find it much worse when a client's belongings are lost than when the organisation's practical (and relatively easily replaceable) assets are lost.
Finally, looking for lost items can be privacyinfringing from the professional perspective, as often they have to search in the different rooms of the clients.Other findings indicated that the lack of a link between finders and owners of lost documents was a significant challenge.The first respondent reported that, "Every day, I receive reports of citizens who have lost their national Identification Cards, ATM cards and other personal items that require police intervention to help them track the lost items.We have a room in offices that keep lost items collected or returned after someone accidentally picked the wrong items, and all these items are yet to find their owners".
These findings pointed out a gap in establishing a direct link between those who found lost documents and the owners.Thus, poising a challenge regarding the re-unification of papers and their respective owners is concerned.The author [23] established that challenges individuals and security bodies encounter to find the lost item tend to rise and become tedious, and the owner may fall into depression.The author developed an online lost item recovery application to assist individuals who had lost their items.
To establish the level of accessibility of ICT for data management, the researcher gave the respondents a few questions, and their responses were illustrated in Table 2. Data analysis indicated that the majority, 95% of the respondents, said that their organisation had an electronic data management system, 2% said no, while 3% didn't know.In addition, data from the interviews established that those who had access to the data management system disclosed that there were specific policies controlling access to the design and that there was a formal logging-in procedure to access data or to use the system.So, security was provided to protect information from unauthorised users.These findings support the Innovation Diffusion theory, as illustrated by [28], that it attracts more users when something is not complicated.Thus, the results of this paper established easy accessibility of ICT in an organisation and made it possible for employee usage.
The study sought to determine how ICT's unavailability affected employee data management.
The study analysed the following activities of data management in an organisation; assessing/analysing employee performance, record keeping, cost optimisation and service delivery.
The unavailability of ICT in data management was considered using nine items.The responses were rated using a Likert scale of 1 to 5. The results are shown in Table 3. Data from the interviews discovered that most respondents perceived ICT as an effective tool that improved keeping records, as keeping records electronically reduced the loss of documents.Respondents also revealed that ICT enhanced the recording and keeping of organisa-tional documents.They added that making electronic assessments was essential in minimising the loss of corporate documents.This implies that the availability of ICT enhances proper record-keeping.
Other findings indicated that most respondents (70%) confirmed that assessed work could easily be transferred electronically to the departmental head, and 30% did not accept it.Since the highest percentage, 70%, conformed to the statement, it implies that ICT plays a vital role in how records are kept and transferred from one office to another, i.e., from junior staff to departmental heads.
These findings concur with [27], who established that an electronic records management system allowed for easy comparison of registration status with other data, such as student's academic progress and ensuring proper time management.

CONCLUSIONS
Based on the findings of this study, the paper concludes that challenges resulting from ineffi-cient use of ICT in data management both at personal and organisational levels in Nairobi County include: insufficient tracking methods of lost methods, high cost, time-consuming, poor record keeping, poor service delivery and poor employee/organisational performance.Losing items as an individual or in the organisation and not being able to (re)find these items is a real challenge in Nairobi County.From the findings, data loss has impacted employees' performance and the growth of an organisation and a nation.Therefore, data (personal and organisational) are supposed to be protected at all costs, and this study suggests that appropriate measures be put in place to prevent data loss or any other form of related information security challenges.

Table 2 -
Accessibility of ICT

Table 3 -
Indicators of unavailability of ICT in data management