3 minute read
The new Galamsey: Breach of p ersonal dat a
Have you ever wondered how random strangers are able to add you to lottery WhatsApp groups, or receive text messages from sports betting companies or even receiving phone calls from strangers in respect of mobile money fraud? This article seeks to discuss personal data and how it may be breached.
What is Personal Data
Advertisement
Personal data means data about an individual or data subject data or other information in the possession of or likely to come into the possession of a data controller[ Data Protection Act, 2012 (Act 843)]. Essentially, this means that personal data is information about a person that
Once data or information can distinguish you from other individuals, it becomes your personal data. Personal data includes a myriad of things that can be used to identify a person, such as a name, date of birth, email address, phone number, ID numbers and physical traits, among others.
A data controller is thus a person who determines the purpose for and the manner of processing of personal data, either alone, jointly with others, or as a statutory duty[ Ibid ].
Personal Data Breach
A breach of personal data is more than just the exposure of your personal data to unauthorised persons; it is a breach of security that leads to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to your personal data[ Information
Commissioner, O. (n.d.). Guide to Data Protection: Guide to LE
Processing: Personal Data Breaches. Retrieved from A ICO Website: https://ico.org.uk/f o r - org a nis a ti on s/ g uid e -t o- d at a-p r o t e ction/guide-to-le-processing/pers onal-data-breaches/]. Personal data can be breached by those to whom it is entrusted. There are several situations in which we willingly give out our personal data to people who may owe us a duty of care in how they handle the data. For exameven the hospital and you are asked to leave your name and telephone number to show you came in and left at a particular may be asked to leave his or her phone number in order to be contacted for church activities among others. Another example is with regard to scanning and printing several copies of your forms or IDs at business centres. Some individuals knowingly or recklessly may disclose personal data, and some go to the extent person’s personal data to a third party without the consent of the data subject. All of the examples of how we give out our data willingly can be very easily exploited by those we trust with it. All the scanned copies of documents or ID cards with personal information are at wrong reasons for those who are to protect and properly dispose of that data. Fortunately, the Data Protection Act has a provision that states the penalty given to a person when they knowingly or recklessly disclose personal data. That person is liable on summa - more than 5,000 penalty units which is GHS60,000 or to a term of imprisonment of not more and a term of imprisonment[ Data Protection Act, 2012 (Act 843)]. Also, a person who sells orty units, which is GHS3,000, or a term of imprisonment of not and term of imprisonment[ Ibid ] The careless breach of personal data is much closer to home than we think. With the transition to digital data and information collection and storage, many persons, institutions, and organizations are not properly destroying the personal data they have collected from individuals after use. For example, require the customers to complete forms with personal information on these forms. After the data has been taken from the forms, the forms may, if not properly destroyed, end up in the hands of street vendors. Your favourite kelewele vendor is probably wrapping your GHC 5 kelewele
Baabone some years back AAP Bank Ltd. This gives an individual looking to unlawfully use that personal data unauthorized access to that data. Another example of how personal data may be breached is when information is sent to the wrong address because of some error right checks were put in place. Sometimes, all it takes is a typographical error with a postal address, phone number, or email address for some health record or sensitive information to go to an unauthorized person. If the person is not lawful or does not have good intentions, that information can be used in the wrong way. The Data Protection Act makes provision for remedies in the event of a breach of personal data. Individuals through contravention by a data controller or processor are entitled to compensation from the controller or processor and can seek such compensation through the Courts. Additionally, an individual has the right to complain to the Data Protection Commission if they feel a person or organization is not complying with their responsibilities. The Data Protection Commission may investigate the issue and ensure that your rights are u p h e ld
Data has become the new gold and mining that wealth of knowledge is now a dire security risk that needs more attention in Ghana, and on the co n tin en t
Article written by Prince Addoquaye
Acquaye & Sedinam Naki Anyasor
About the Authors
Prince A. Acquaye is the Managing Partner at Corporate and Allied Attorspecializes in corporate governance, intellectual property, immigration, general corporate commercial, data protection and M&A. Sedinam N.A. Anyasor is senior at Ashesi University and is majoring in Management Information Systems with a concentration on Information Systems. She developed an interest in law and wants to pursue it as a career.
