Stop patronising unregistered data controllers - DPC warns

Chief Executive Officer of the Data Protection Commission, Teki Akuetteh Falconer, has cautioned the public against dealing with institutions that have not registered with the Commission.

The call, she noted, is to draw the attention of the public to the dangers that data controllers who have failed to register, continue to pose to the security of the personal data that they process.

Teki said this at a press conference held in Accra to register the commissions displeasure at some organisations who have still not signed on to the Commissions database as required by Sections 27(1), and 46(3) of the Data Protection Act, 2012 (Act 843).

She further added that her outfit is taking steps to sanction defaulters with the aim of preventing further unlawful processing of individuals data.

Effective, Monday 19th June, 2017, we will begin a monthly publication of the list of offending data controllers in the newspapers with the objective of naming and shaming them.

In addition, we will be warning the public of providing their personal information for use of their services.

This publication will be followed shortly by the arrest of the offending data controllers and their subsequent arraignment before the courts, Mrs. Falconer stated.

These firms include a number of ministries, departments and agencies, municipal, metropolitan and district assemblies, public and private organisations, security agencies, airline companies, law firms, hotels, restaurants, and hospitals.

Others are microfinance and insurance companies, accounting firms, auditing firms, educational institutions, media house, among other associations.

Dangers associated with the unlawful processing of personal data includes the risks of personal data being traded and used for unauthorised and illegal engagements, for identity theft, and other criminal and defaming activities.

Mrs. Falconer added:We want to use this opportunity to inform members of the public that these risks are increased when we provide personal data to unregistered data controllers, urging the public to look out for data protection certificates, and report unregistered companies to the Commission.