Report Unregistered Data Controllers For Prosecution - DPC
The Data Protection Commission (DPC) is calling on members of the general public to desist from providing their personal information to data controllers who are not registered with the Commission.
Speaking at a news conference in Accra, the Executive Director of Data Protection Commission, Teki Akuetteh Falconer urged Ghanaians to report unregistered data controllers to the Commission especially where they felt they were being compelled to provide their personal information.
According to her, with effect from Monday 19th June, 2017, they will begin a monthly publication of the list of offending data controllers in the newspapers with the aim of naming and shaming them.
She added that the publication will be followed shortly by the arrest of the offending data controllers and their subsequent arraignment before the courts.
Teki Akuetteh Falconer noted that checks revealed that these illegal data controllers include a number of ministries, departments and agencies, municipal, metropolitan and district assemblies, public and private organizations, security agencies, airline companies, law firms, hotels and restaurants.
She added companies, partnerships and trusts, hospitals and clinics, microfinance and insurance companies, accounting firms, auditing firms, educational institutions, media houses, voluntary groups and associations and others are all affected.
Mrs. Falconer indicated that all data controllers registered under the Data Protection Act have been issued with a certificate and that the general public can verified whether or not the entity they are dealing with is duly registered by visiting their website or call their office lines ( www.dataprotection.org.gh ).
The Executive Director cautioned the general public that the dangers associated with the unlawful processing of personal data is real and includes risk of personal data being traded on the darkweb and potentially being used for all sorts of unauthorized and illegal activities.
She mentioned identity theft as a result of careless handling of personal data by data controllers, misrepresentation of information, lack of access or control by persons over their personal data and illegal collection and sale of credit card information for fraudulent purposes.
Another common trend Mrs. Falconer noted is the sale of personal data to third parties for unsolicited marketing communications and unauthorized disclosure or sharing of the personal data that can put individuals at risk of discrimination, fraud, stealing, armed robbery and many more.
In lieu of this grave danger, the Data Protection Commission has made a final call on data controllers that failure to register with it will pose serious danger to the security of the personal data they process.
“ A person who fails to register as a data controller but processes personal data commits an offence and is liable on summary conviction to a fine of not more than two hundred and fifty penalty units or a term of imprisonment of not more than two years or to both in accordance with section 56 of the Act,” she stated.
The Executive Director called on all entities consultants and individuals, who collect, hold and use personal data in Ghana to register with the Commission in accordance with sections 27(1) and 46(3) of the Data Protection Act.