Campus Policing And Access Control Management

Richard Beyemba Yorda

Introduction
Porous perimeters, untrained guards, and broken CCTV cameras are leaving students and staff at risk across Ghana's tertiary institutions. A security and data protection expert maps out what must change, and what the law already requires.

By Richard Beyemba Yorda; Security Administration Professional & Certified Data Protection Officer

Walk through the main gate of many Ghanaian public universities and you will likely pass a security post with no functioning camera overhead, a guard who received no formal training, and a visitor log that has not been filled in for weeks. In a nation whose universities now serve hundreds of thousands of students, that reality is a crisis hiding in plain sight.

A new analysis of campus policing and access control across Ghana's tertiary institutions paints a troubling picture: security frameworks have failed to keep pace with the explosive growth of campuses, leaving people, data, and institutional assets exposed to risks ranging from petty theft to examination fraud and cybercrime.

The assessment, drawing on operational observations from institutions including the University of Education, Winneba (UEW), KNUST, UCC, and the SDA College of Education in Asokore-Koforidua, also carries a pointed legal warning: many institutions are already in violation of the Data Protection Act, 2012 (Act 843), and the National Security Act, 2020 (Act 1030), whether or not they know it.

“An overly militarised security posture stifles academic freedom and community trust. An excessively permissive one invites criminal exploitation. Ghanaian campuses are currently failing on both counts.”

THE GAPS THAT ARE COSTING INSTITUTIONS

Ghana's public universities typically maintain internal security units headed by a Director/Head of Security or Chief Security Officer. The problem, the analysis finds, is that the depth and quality of those units vary enormously, and at smaller Colleges of Education and Technical Universities, they are skeletal at best.

Six recurring failures stand out across the sector:

• Perimeter control is porous. Older campuses are characterised by sprawling, unfenced or inadequately fenced boundaries with numerous unofficial entry points impossible to monitor without large personnel deployments.
• Security staff lack formal training. Guards are frequently recruited without any professional grounding in legal authorities — powers of arrest, use-of-force limitations, or search procedures — creating direct liability exposure for institutions.
• Surveillance equipment is failing. CCTV cameras, where installed, are commonly non-functional, poorly positioned, or lack storage capacity. Two-way radio systems are frequently absent or unreliable.
• Crime is systematically under-reported. Fear of reprisal and distrust of reporting channels mean that the data available for evidence-based security planning is severely incomplete.
• The town-gown boundary is unmanaged. Ghana's urban campuses interface with neighbouring communities in ways that are rarely formally addressed by security policy.
• Collaboration with the Ghana Police Service is ad hoc. Formal protocols for information sharing, incident referral, and joint patrol are rarely institutionalised anywhere in the sector.

Critically, most institutions lack a formal, board-approved campus policing policy at all. Without that foundational document, security operations are driven by individual discretion, difficult to audit, and are almost impossible to reform systematically.

WHAT THE LAW ALREADY REQUIRES
The legal framework governing campus security in Ghana is more demanding than many institutions appear to realise. Five key statutes apply directly.

The National Security Act (Act 1030) establishes the architecture for coordination between institutional security and national agencies. The Criminal Offences Act (Act 29) defines the criminal acts most likely to occur on campus, assault, trespass, theft, fraud, and sets the legal basis for apprehension. The Universities Act and the Tertiary Education Institutions Act (Act 1062) empower institutional councils to enact binding security regulations.

The two statutes with the most immediate compliance implications, however, are the Occupational Health and Safety provisions, which obligate institutions to maintain safe premises, and the Data Protection Act, 2012 (Act 843).

“Any institution operating CCTV or biometric access systems is already a Data Controller under Act 843. Registration with the Data Protection Commission is not optional.”

The DPA imposes specific obligations the moment a campus deploys CCTV cameras or biometric access control. Institutions must register as Data Controllers with the Data Protection Commission (DPC), post privacy notices at all camera locations, enforce strict data minimisation (a 30-day rolling retention period for CCTV footage is the widely adopted benchmark), and maintain documented access authorisation registers for security data.

Institutions must also be able to respond to Data Subject Access Requests, meaning any student or staff member is legally entitled to request access to CCTV footage or access-control logs that relate to them. Failure to comply exposes institutions to DPC sanctions, reputational damage, and civil claims.

THE COLLEGES OF EDUCATION PROBLEM
Ghana's Colleges of Education face a particular security challenge that deserves direct attention. Most are located in semi-urban or rural settings, affiliated with UEW or UCC, and operate on modest budgets. Their predominantly residential student populations create specific access-control dynamics, especially regarding hall-of-residence management, late-night movement, and visitor access.

Common deficiencies at Colleges of Education include: no perimeter fencing; daily-rate security guards with no formal training; no electronic surveillance system of any kind; and the complete absence of formal visitor registers.

These are not merely administrative oversights. They represent genuine safeguarding risks, particularly for female students.

A phased upgrade model proposed in the analysis suggests Colleges could achieve significant security improvements at modest cost by prioritising: secured gate and boom-barrier entry; a minimum-viable CCTV system covering entry points and residence corridors; a digitised visitor register via a simple spreadsheet or Google Form; and a security policy committee with Student Representative Council (SRC) representation.

THE FRAMEWORK: WHAT MUST BE DONE
The analysis proposes an integrated best-practice framework built around five pillars.

Governance And Policy
Every institution must adopt a board-approved Campus Security Policy. A Campus Security Committee, chaired by the Vice-Chancellor or Principal and including the Directors/Heads of Security, Finance, ICT, and Student Affairs, alongside an SRC representative, should provide oversight. An annual Security Risk Assessment should drive investment decisions.

Physical And Technical Infrastructure
Campuses should operate a layered zoning architecture separating public zones (car parks, administrative building entrances), controlled zones (academic buildings, libraries), and restricted zones (server rooms, examination vaults, finance offices). CCTV systems must be supported by uninterruptible power supply at critical monitoring points. Biometric access control should be mandatory for restricted zones. A 24-hour Security Control Room with real-time monitoring and direct gate communication is the target standard for larger institutions.

Personnel And Training
Background checks, structured induction training covering legal authorities, first aid, and fire safety must become standard. In-service training on emerging threats, cybercrime, drug trafficking, examination malpractice, and gender-based violence, should follow. A career progression pathway for security staff is essential to improve retention and performance.

Data Protection Compliance
Institutions must register their security data processing activities with the DPC. A Data Protection Officer, or a Certified Data Protection Officer already at post, should hold explicit responsibility for the privacy dimensions of all security systems. Data Protection Impact Assessments must precede any new surveillance or biometric deployment.

Community Engagement
Formal collaboration protocols with the Ghana Police Service, including joint patrol agreements for high-risk periods like examinations and graduations, should be formalised in writing. A Campus Safety Ambassador Programme integrating student volunteers into the security communication ecosystem could substantially extend institutional reach. An accessible anonymous incident-reporting system, paired with regular published campus security reports, would begin to rebuild community trust where it has eroded.

The Bigger Picture
Ghana's tertiary institutions are no longer simply places of learning. They are complex communities that process personal data, manage digital infrastructure, and bear legal responsibilities analogous to those of medium-sized organisations in any sector. The security threats they face have evolved, from petty theft and trespass to cybercrime, examination fraud, and data breaches, and their security functions must evolve commensurately.

The resources required to implement a well-governed, technology-assisted, community-oriented, and legally compliant campus security system are substantial. But the cost of inaction, measured in safety incidents, regulatory sanctions, reputational damage, and the erosion of institutional trust is higher.

The data and lives entrusted to Ghana's tertiary institutions deserve a security architecture built to protect them.

About The Author
Richard Beyemba Yorda is a Security Administration Professional and Certified Data Protection Officer (CDPO) serving in the Security Directorate of the University of Education, Winneba (UEW). He writes on data protection, institutional security, and governance in the Ghanaian context.