Scores of multinational companies and some state institutions face legal action from the Data Protection Commission for violating the requirement to register with it, in accordance with Section 27 (1) of the Data Protection Act, 2012 (Act 843).
The offending entities include a number of airlines, shopping outlets, hotels and public hospitals including the Korle Bu Teaching Hospital and the Komfo Anokye Teaching Hospital.
The Commission, in a release, noted that its actions were in the interest of the public, thus, “the Commission has no choice but to commence the prosecution of the offending institutions and the publication of their names to prevent reckless misapplication, use and abuse of personal data.”
According to the Commission, the release is the first in a series of publications they will be undertaking.
It subsequently called on offending institutions to “as a matter of urgency to register now” to avoid prosecution.
The Data Protection Commission, in its release, reminded that the Data Protection Act “mandates all entities (public and private, local and international), consultants and individuals who collect, hold and use personal data in Ghana to register with the Data Protection Commission in accordance with Sections 27(1) and 46(3).”
The act states that, a person who fails to register as a data controller but processes personal data, commits an offence, and is liable on summary conviction to a fine of not more than two hundred and fifty penalty units, or a term of imprisonment of not more than two years or to both.
The Act also prohibits the collection, holding and using of personal data by data controllers that have not registered with the Commission.
The Data Protection Commission also took the opportunity to warn the public against providing their personal information to such institutions.
“The general public is also cautioned against providing their personal information to such institutions since it increases the dangers associated with the unlawful processing of their personal data which includes sale of their information (such as credit card details, residential address, phone numbers, etc) to third parties for criminal and fraudulent purposes, lack of access or control over their information and identity theft.”
Find the full release with the first batch of cited companies here
By: Delali Adogla-Bessa/citifmonline.com/Ghana