1. Data Protection InGhana
With the growing importance andvalue of data as a vitalandstrategic asset, todays Governments, businesses and organisations are facingthe
real challenge of implement reliable andsecure storage, backupto meet this challenge, there is a needto carefullydesigna nddefine their
business requirements.
As today’s governments, agencies, businesses andindividuals are increasinglyrecognizingthe need for data to be protectedagainst a wide
range of attacks, risks and threats, data protectionhasbecome a high priority objective and concern for businesses andgovernments alike. In
turn these institutions nowface real challenges ofidentifying, storing, managing, transmitting andprotectingtheir data so as to mitigate these
threats andattacks. Data protection is concerned with data security, thus thisinvolves confidentiality, integrity, authenticityandprivacyof
data that has to be processed. The Data protectionact largelyhas to do withprivacy;
The needto protect your personal information
Individualsunder this act have been empowered to findout how data heldabout themis protected. This takesinto consideration mechanisms
put in place to avoidanyunauthorized access, unauthorized processing
Personal data (or personal information) means information or an opinion about an identifiedindividual, or anindividual who is reasonably
identifiable, whether the informationor opinionis true or not, andwhether the informationor opinionis recordedinmaterial form or not.
Sensitive personalinformation includes racial or ethnic origin, politicalopinions, membershipof a political association, religious beliefs or
affiliations, philosophicalbeliefs, membership ofa professional or trade association, membershipof a trade union, sexual orientation or
practices, criminal record that is also personal information ,healthinformationabout anindividual, genetic information about an individual
that is not otherwise healthinformation, biometric informationthat is to be usedfor the purpose of automatedbiometric identification
or verification, or biometric templates.
The Data Protection Act controls how your personal information is used byorganisations, businessesor the government.
Everyone responsiblefor using data has to follow strict rules called‘data protectionprinciples’. Theymust make sure the information is:
Used fairlyandlawfully, Usedfor limitedandspecificallystatedpurposes, Usedina waythat is adequate, relevant andnot excessive, Accurate,
Kept for no longer thanis absolutelynecessary, Handledaccording to people’s data protectionrights, Kept safe and secure
Not transferredoutside without adequate protection.
Data ProtectionAct inGhana
In Ghana the Data ProtectionCommission(DPC) is anindependent statutorybodyestablishedunder the Data ProtectionAct, 2012 (Act 843) to
protect the privacyof the individualand personal data byregulating the processingof personal information. The Commission providesfor the
process to obtain, hold, use or disclose personal informationandfor other relatedissues bordering onthe protectionof personal data. The Act
was assentedto on May2012 andcame intoforce inaccordance withSection 99, Act 843 on 16th October 2012.
How does the act work?
According to data protectioncommission, the Act provides standard principlesthat must be compliedwith byall whoprocess personal
informationacrossthe countryandbeyond. The law appliesto allforms of personal data or information storedonbothelectronic andnon-
electronic platforms.
The Act is premised onthe fundamentalrule that all whoprocess personal data must take intoconsiderationthe right of that individual to the
privacyof his or her communications. Thisrecognitionbya data controller or processer should leadto the applicationof th e following Basic
Principles whiles processingsuch information. These include Accountability, Lawfulness Of Processing, SpecificationOf Purpose, Compatibility
Of Further ProcessingWithPurpose Of Collection, QualityOf Information, Openness, Data SecuritySafeguards and Data Subject Participation.
The Act and Employee privacy
Employees’ personal data should be kept safe, secure andup to date byan employer. Data anemployer cankeepabout anemployee includes:
Name, address, date of birth, gender, educationandqualifications, workexperience, National Insurance number, tax code, details ofany
known disability, andemergencycontact details amongst others.
Employers are not alsoleft out;theyshouldbe able to inform the employee what records are kept andhowthey’re used, the confidentialityof
the records, how these records can help withtheir training and development at work.
Aside enjoying the privacyemployees’ rights are spelt out under the act, this includes; Accessto personalinformation, Right to amendyour
personalinformation, Right to prevent processing ofyour personalinformation, Rights to freedom from automated decision making
Data collectionandretention
The most effective means ofmitigatingthe riskof lost or stolen personal data is not to holdthe data inthe first place. Data retention and
replicationshould always be assessedagainst business needandminimised, either bynot collecting unnecessarydata or bydeleting data as
soon as the needfor it has passed.