NOT long ago, sending money meant standing in a long queue at the bank or handing cash to a bus driver with instructions to deliver it to a relative in the bus destination.
Today, things are very different. With a few taps on a mobile phone, a person can send money across the country, pay bills, buy goods or even take a loan. This digital convenience has transformed everyday life in Tanzania.
From a mama Lishe in Kariakoo, to a farmer in Mbeya, to a bodaboda rider in Arusha, mobile money has become part of daily survival. School fees are paid through phones. Electricity tokens are bought through mobile apps. Even small savings and loans are now handled digitally.
The phone in one’s pocket has become a wallet, a bank and sometimes even a loan officer. But behind every digital transaction lies something many people rarely think about: Personal data. Each time you send money, pay for electricity, or check your balance, information is being created and stored.
Your phone number, account details, identification number, transaction history and even your location may be part of that digital trail. Under Tanzania’s Personal Data Protection Act (PDPA), this information is not just ordinary data. In many cases, it is sensitive and valuable personal data that must be handled with strict care.
Banks, telecom companies and fintech providers are legally required to collect only the data they truly need, protect it from misuse, and ensure it is not shared without lawful reasons or the customer’s consent. To most people, these details may seem harmless. But in the wrong hands, they can be dangerous.
A fraudster does not always need to break into a system. Sometimes, all they need is a phone number, a few personal details and the right moment to make a call. Many Tanzanians have experienced it. A call comes in from someone claiming to be from a bank, a mobile network or even a government office.
The caller sounds confident. They may mention your name or say they are ‘updating your account.’ They warn you that your line will be blocked or your account frozen if you do not act quickly. Then they ask for a verification code or PIN. In that moment of confusion or fear, some people share the information.
Minutes later, their money is gone. In other cases, fraudsters send SMS messages with fake links, pretending to be from mobile money services or banks. The message may say you have received money or won a promotion. When the victim clicks the link and enters their details, the criminals gain access to their accounts.
These crimes often succeed because personal data is not properly protected or is shared too freely. Sometimes the leak comes from within institutions, where employees misuse customer data. Sometimes it comes from people posting their identification cards, boarding passes or payment confirmations on social media. Sometimes it is simply the result of trusting a stranger on the phone.
The PDPA places clear responsibilities on financial institutions and telecom operators. They are considered data controllers or processors, and they must follow strict principles. They must process personal data lawfully and fairly. They must ensure the data is accurate, secure and used only for the purpose it was collected.
They must not keep customer data longer than necessary, and they must protect it from unauthorised access or disclosure. Customers also have rights under the law. They have the right to know how their personal data is being used. They have the right to request corrections if their data is wrong.
ALSO READ: Optician urges routine eye screening
They have the right to expect that their financial information will not be shared with third parties without proper justification or consent. Financial service providers must therefore invest in strong security systems. Customer data should be encrypted and stored safely.
Access should be limited to authorised personnel only. Systems should be regularly tested for weaknesses. Staff should be trained on data protection obligations under the PDPA, because many data leaks come from human error, not just hackers. Partnerships with third parties also require careful handling.
Many digital financial services rely on credit agencies, marketing firms and technology providers. If customer data is shared carelessly, it can lead to unwanted calls, aggressive loan offers, privacy violations or even identity theft. Under the PDPA, such sharing must be lawful, transparent, and based on clear purpose and consent where required. At the same time, citizens must take simple but powerful steps to protect themselves.
Never share your PIN, password or verification code with anyone, not even someone claiming to be from your bank or mobile network. No legitimate institution will ask for that information over the phone. Be cautious of urgent messages that create panic or excitement. Fraudsters often rely on pressure.
Secure your phone with a strong password or biometric lock. Avoid posting personal documents or transaction screenshots on social media. If you receive suspicious calls or messages, ignore them and report them to your service provider. The digital economy in Tanzania is growing fast, and financial technology is opening doors for millions of people.
But trust is the foundation of this progress. If people feel their money or personal information is not safe, they will hesitate to use these services. Protecting financial data is therefore not just about compliance with the PDPA.
It is about protecting people’s hard-earned income, preserving confidence in the financial system and supporting the growth of the digital economy. In a world where a single phone can hold your entire financial life, protecting personal data is no longer optional. It is essential; for institutions, for regulators and for every citizen.
The message is simple. As digital finance becomes part of our daily lives, the protection of personal data must become part of our daily habits too. Banks, telecom companies and fintech providers must treat customer information with the same care they give to people’s money.
When systems are weak or staff are careless with data, it is ordinary citizens who pay the price. But this responsibility does not belong to institutions alone. Every mobile phone user has a role to play. Do not share your PIN, your passwords or your verification codes with anyone.
Question strange calls. Be careful with links and messages that create panic or promise quick rewards. A few seconds of caution can save months of regret. The Personal Data Protection Act is there to protect citizens, but the law works best when everyone takes it seriously.
When institutions respect the law and people stay alert, trust grows. And with trust, the digital economy can continue to serve its true purpose; making life easier, safer and more inclusive for all.