Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1

 Overview  Why Data Protection Law?  Key Features of Data Protection  Processing of Personal Data  Data Protection Principles  Lawful Processing  Data Security  Individual Rights and Remedies  Access Procedures  Data Protection Supervisors  Exceptions  Questions/Comments, etc. 16/07/2013Data Protection Act, 2012: A call for Action2

 Establishes a Data Protection Commission, to protect the privacy of the individual and personal data by regulating the processing of personal information, to provide the process to obtain, hold, use or disclose personal information and for related matters.  Establishes the standards to be upheld by all who process personal data and these include governmental agencies. 16/07/2013Data Protection Act, 2012: A call for Action3

The premise underlying data protection legislation is that the processing of data relating to an individual constitutes a threat to the person’s rights and freedoms, especially the his or her right to privacy. The principle is therefore that if any individual cannot be recognised or identified from the manner in which data is collected, processed and or used, there can not be any significant threat to privacy and there is therefore no justification for legislative controls. 16/07/2013 Data Protection Act, 2012: A call for Action 4

 Data Controllers – The one who determines the purposes for which and the manner in which personal data, etc are to be processed.  Data Processor – The one who processes the data (it could be on behalf of the controller)  Data Subject – The one who is subject of personal data. 16/07/2013 Data Protection Act, 2012: A call for Action 5

 Relates to Obtaining Recording Holding or Carry out any operation(s) including ○ Organisation ○ Adaptation ○ Alteration 16/07/2013 Data Protection Act, 2012: A call for Action 6

○ Retrieval consultation or use of the data ○ Disclosure of the data by transmission, dissemination or otherwise making available. ○ Alignment, combination, blocking or erasure.  Means of processing Automatic in response to instructions Recording with an intention that it should be processed by such equipment Recording as part of a relevant filing system or with an intention that it should form part of a relevant filing system. 16/07/2013 Data Protection Act, 2012: A call for Action 7

 Personal Data – data that relates to a living person who can be identified from the existing data.  Special Personal Data (Sec. 37) – This normally relates to more sensitive information and must be subject to special protection. Eg. Racial or ethnic origin, political opinions, religious beliefs, physical or mental health or condition, sexual life, etc. 16/07/2013 Data Protection Act, 2012: A call for Action 8

 Fair and Lawful processing.  Obtained for specified lawful purposes.  The Personal Data must be accurate and updated.  The personal data must be adequate, relevant and not excessive for the purpose for which it is being obtained.  Time for keeping such data is limited to the necessary to keep for the purpose for which it has been obtained.  It must be processed in accordance with the rights of the data subjects. 16/07/2013 Data Protection Act, 2012: A call for Action 9

 There’s the need to undertake appropriate technical and organisational measures against unauthorised or unlawful processing.  Also the need to undertake measures against accidental loss or destruction of or damage to the data.  It must not be transferred unless the country or location is being transferred to ensures adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.  Where sensitive data is concerned it must be with the explicit consent of the data subject. 16/07/2013 Data Protection Act, 2012: A call for Action 10

 For concluding a contract with the data subject  For the controller to comply with a legal obligation  To protect the vital interests of the data subject  For the administration of justice  Necessary in the legitimate interests of the controller. 16/07/2013 Data Protection Act, 2012: A call for Action 11

Data users and operators must ensure the appropriate technical and organisational measures are taken against unauthorised or unlawful processing of data and against accidental loss or destruction of or damage to, personal data. They are also to ensure that data is not unlawfully obtained. 16/07/2013 Data Protection Act, 2012: A call for Action 12

 The right to obtain a copy of information held and concomitant rights to correct and obtain compensation.  Where personal data is being processed the subject must be given a description of the nature of the data held, the purposes for which it is being processed and the persons or categories of persons to whom it may be disclosed.  An enquiring subject must also be supplied with any information available as to the source of that information or data. 16/07/2013 Data Protection Act, 2012: A call for Action 13

 Written Requests  Appropriate Fee  Time for satisfying requests 16/07/2013 Data Protection Act, 2012: A call for Action 14

 A data controller may appoint a certified and qualified supervisor.  The supervisor is responsible for the day to day compliance issues. 16/07/2013Data Protection Act, 2012: A call for Action15

 National Security  Third party data  Data for policing  Data for revenue gathering purposes  Health  Social Work Data  Regulatory activity  Corporate finance  Negotiations  Examination Marks & Scripts  Research History & Statistics  Information required to be made public  Confidential References  Armed Forces  Judicial appointments & Honours  Management forecasts  Human embryos  Legal professional privilege  Self-incrimination 16/07/2013 Data Protection Act, 2012: A call for Action 16

16/07/2013Data Protection Act, 2012: A call for Action17

16/07/2013Data Protection Act, 2012: A call for Action18