Information and technology (IT) governance is an emerging area of corporate governance, focused on information and technology (IT), its performance and risk management. The growing interest in IT governance is due to the ongoing need within organizations to adopt technological processes with a view to enhancing organizations’ strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders. IT governance has evolved over time from The Principles of Scientific Management, Total Quality
Management and ISO 9001 Quality management system. This key area involves everyone ranging from board members, executive management, staff, customers, investors to regulators. An IT Governance framework is used to identify, establish and link the mechanisms to oversee the use of information and related technology to create value and manage the risks associated with using information and technology. A good example of such frameworks and tools of IT Governance is COBIT (Control Objectives for Information and Related Technologies). This is a good-practice framework created by international professional association ISACA for information technology (IT)
management and IT governance. It provides an implementable set of controls over information technology and organizes them around a logical framework of IT-related processes and enablers.
In order to adopt such important tools and frameworks of IT Governance, there is need to consider critical issues that affect its implementation. Key among such issues are rising cases of cyber-crimes and related activities that infiltrate into organizations database. This can only be curbed by enacted laws and regulations in privacy data protection. It is against this background that Industry players need an understanding of the subject of IT governance and understand the current development of policies on privacy and data protection framework in Kenya