The Data Protection Commission (DPC), would from Monday June 19, 2017, begin a monthly publication of the list of offending data collectors in the newspapers, with the objective of naming and shaming them.
The Commission would also follow the publication with the arrest of the offending data collectors and ensure their subsequent arraignment.
Mrs Teki Akuetteh Falconer, the Executive Director of the Data Protection Commission, who announced this at a press conference in Accra on Wednesday, said the decision was in light of the apathy and defiance being displayed by many of these data controllers, posing a challenge to ensuring the lawful processing of personal data in the country.
According to her the Data Protection Act 2012 (Act 843) mandated all entities whether public, private, local or international consultants and individuals, who collect, hold and use personal data in Ghana, to register with the DPC, and therefore prohibit the collection, possession and use of such records by institutions that were not registered with the Commission, she said.
She said the law explicitly stated that “a person who fails to register as a data collector, but processes personal data commits an offence is liable on summary conviction to a fine of not more than two hundred and fifty penalty units or a term of imprisonment of not more than two years or to both”.
She said subject to the numerous public education by the DPC since 2014, and giving the long grace period to these operators to register with the Commission, a number of measures including calling on the public to stop using the services of the said institutions and shutting down the operations of recalcitrant ones, were being undertaken, with the objective of preventing further unlawful processing of individual’s information, and the dangers associated with such practices.
Mrs Falconer said the illegal data collectors being referred to included a number of Ministries, Departments and Agencies; Municipal, Metropolitan and District Assemblies; public and private organisations; security agencies, airline companies, Law firms, hotels and restaurants, companies, partnerships and trusts, hospitals and clinics, microfinance and insurance companies, accounting and auditing firms, educational institutions, media houses, voluntary groups and associations.
She said the dangers associated with the unlawful processing of personal data was real and included risks of trading such information on the web and their potential use for all sort of unauthorised and illegal activities.
She said these information could also provide the basis for identity theft as a result of careless handling and sale of personal data by these operators to third parties for unsolicited marketing communications, while the unauthorised disclosure or sharing of such records that could put individuals at the risk of discrimination, fraud, stealing and armed robberies.
Mrs Falconer said there could also be the danger of misrepresentation of information, the lack of access or control by persons over their own personal data, as well as illegal collection and sale of credit card information for fraudulent purposes.
She said such risks were on the increase, and urged the public to report any unregistered data controller they knew immediately to the Commission via its email at firstname.lastname@example.org, or its website at www.dataprotection.org.gh, and also contact it on 0302-222-929.