Fast track court to prosecute data protection breaches

The Office of the Attorney General (AG) has created a fast track court for the Data Protection Commission (DPC) to begin prosecuting institutions and companies which have not complied with data protection regulations.

This was revealed by the Executive Director for the Commission, Ms. Patricia Adusei-Poku during the commemoration of this year’s Data Protection and Privacy day in Accra.

The move has become necessary as a number of institutions have failed to adequately protect personal data of their respective clients. It is a key measure taken by the Commission to ensure that all institutions in the country comply with data enforcement regulations.

“Leaders who are hearing about data protection, ignoring it and going under the radar, we will pick a section of the Act and begin prosecution for ignoring your responsibility to lead your organization to comply with the law”, Ms. Adusei-Poku cautioned.

This is not the first time the Commission has served notice of prosecuting data controllers who have failed to comply with the law. Ms. Adusei-Poku told the Goldstreet Business that with regards to the previous institutions who were found culpable, it turned out that they did not understand the position of the Commission regarding enforcement and their consequent obligations.

But since then her outfit has taken proactive steps to engage data controllers to enlighten them as to their obligations and has offered all the necessary support, and she therefore insists that when the Commission begins its enforcement action through prosecution, data controllers would not have any excuse for not complying.

Data protection compliance is currently recognized as a business differentiation factor globally. What this means is that it has now become a requirement for people to choose business partners based on their compliance as a number of contracts are now awarded based on data protection regulations their enforcement and actual compliance.

It is expected that institutions who wish to do business with domestic and international partners, will be required to provide license on data protection as evidence of compliance with the law.

To scale up the process, the DPC has begun joint enforcement with the National Communication Authority (NCA), Bank of Ghana (BoG) the National Petroleum Authority and other regulatory institutions in the areas of telecom, financial services and the oil & gas sectors respectively asking these bodies to put in the data protection requirement as an eligibility criterion for being allowed to operate.

Measures taken by the Commission regarding enforcement include possible fines, negative media attention, sanctions, loss of career and persuading partners and associates to disassociate themselves from doing business with non-compliant companies.

By Dundas Whigham