The Executive Director of the Data Protection Commission (DPC), Ms Patricia Adusei-Poku is asking the public to be conscious of the kind of people or companies they share their personal data with.
Ms Patricia said very sensitive data in the hands of individuals and organization could be injurious and further expose people to vulnerabilities if not carefully managed.
This, she noted, includes data such as name, date of birth, marital status, location, educational background, medical records, house number, bank accounts, telephone number and email.
Speaking at ceremony to celebrate the achievements of the Commission under the theme, “A New Chapter in Enforcing Accountability and Empowering Data Subjects,” Ms Patricia noted that individuals and organisations that collect and manage personal data of clients, customers, service users and employees are mandated by the Data Protection Act, 2012 (Act 843) to obtain a license.
She added that persons who process personal data shall ensure that the data is processed without infringing on the privacy rights of the person, in a lawful and reasonable manner.
“The manner in which our data is managed is the reason why the Government has passed a law. So we want to control how data is collected, managed, standardized and control who must have access to, when and how they had access to those data, how much of it they can have and for what purpose. Your privacy is your fundamental human right that we want to product with the support of government through the Commission,” Ms Patricia stated.
According to her, the Commission which is an independent statutory body established under the law to protect the privacy of the individual and personal data by regulating the processing of personal information is putting in place measures to safeguard people’s personal data from accidental loss, unauthorized disclosure and unlawful use.
She intimated that the Commission provides for the process to obtain, hold, use or disclose personal information and for other related issues bordering on the protection of personal data.
Ms Patricia stressed that individuals and organizations who failed to comply with the law will be punished severely.
“The first step is to register with the Data Protection Commission. Section 27 of the Act makes it mandatory for all those who process personal data to register and Section 50 requires renewal every two years. Failure to register constitutes an offence,” she emphasized.
Ms Patricia indicated that personnel from the Commission will be stationed in town to mount surveillance and conduct spot checks on companies and individuals who go about collecting people’s personal data without any authorization or license from the Commission.
“We will hold some organisations accountable for example those hiding under the radar to do the needful. We will do spot checks to demand their certificates and license to ensure that they are authorized to collect people’s data. Other ways we could pounce on them is when people come to complain about specific organizations and how they are using their data. We will follow the complaints thoroughly and if we find out that such organization has not followed the obligations under the law will be sanctioned,” Ms Patricia posited.
According to her, the Commission is collaborating with various regulators in the telecom, financial and, oil and gas sector to enforce data collection certificate and license as part of the eligibility criteria for doing business in the country.
She noted that her outfit will embark on a nationwide campaign to educate the public particularly the youth to ensure that data they provide do not fall into the hands of unqualified or unauthorized data processors and collectors.
Ms Patricia Adusei-Poku urges staff, customers, clients, service users, group members, shareholders, external partners, suppliers, vendors, contractors and the general public to ensure that their personal data is in safe hands.