The Data Protection Commission (DPC) has made a strong case for a fast track court to facilitate speedy prosecution of persons and institutions that misappropriate the personal and private information of others.
The court would also be empowered to prosecute data collecting and storing institutions, collectively called data controllers and processors, that failed to register with the commission for appropriate management of data, the Executive Director of the commission, Ms Patricia Adusei-Poku, has said.
Ms Adusei-Poku told the Daily Graphic that the commission needed a fast track court to ensure speedy trial of defaulters to engender confidence and strict compliance to the Data Protection Act, 2012 (Act 843).
The law set up the DPC and provided adequate measures to safeguard people’s personal data.
The executive director was speaking on efforts by the commission to ensure compliance with Act 843, which among other things, requires data controllers to register with the DPC.
She disclosed that the Attorney-General’s Department had agreed to set up the fast track court for the commission after the DPC had made requests and defended same with reasons for a specialised court to help enforce data protection rules.
She said the department was now waiting for the commission to compile “a substantial list of cases” to be prosecuted as condition precedent to setting up and operationalising the court.
“As we speak, we are compiling a list of offenders and defaulters – institutions that fail to register with the commission although they collect personal and private data. We want a situation when we say this institution or person is in default, the person will be hauled before court tomorrow and the trial will be speedy,” she said.
The executive director of the DPC expressed the hope that the compilation of the cases and the final processes needed to get the fast track court established would be completed this year to allow for its operationalisation.
Commenting on the status of registrations by affected institutions, Ms Adusei-Poku said an amnesty period that the Ministry of Communication granted the entities expired on March 31.
She said the commission would now publish the list of institutions that had registered with the DPC as “institutions with accountable leadership towards protecting data under their care.”
“Those that registered with us are those that we deem to be making the needed efforts towards accountability and data protection,” she said, adding that around 2,000 entities had so far registered.
Given that the country had about 60,000 registered entities, the executive director of the DPC said having about 2,000 institutions registered “is just a drop in the ocean.”
When asked which institutions were required to register with the commission under the law, she said all businesses and entities that received the data of people.
“It is all institutions, including hospitals, schools, telecommunication companies and financial institutions all the way to that mobile money vendor at the corner,” she said, adding that the registration is a fulfilment of a statutory duty.
She explained that once a company registered with the commission, the DPC would help train a dedicated person on data management and protection to ensure strict compliance with Act 843.
Ms Adusei-Poku said the country and the affected institutions needed to take data protection issues seriously.
Beyond helping to protect the privacy of individuals, the executive director said data protection was a critical component in the building of a digital economy, which the country was working tirelessly to achieve.
She explained that it engendered confidence in the usage of digital and financial services, majority of which thrived on the exchange of personal data.
She, therefore, called on institutions to register with the commission to help ensure smooth and targeted training of the relevant staff.
Ms Adusei-Poku reminded leaders of institutions that Act 843 allowed the commission to prosecute the unit heads of entities that failed to comply with the rules.