Introduction Ghana is one of the few African countries that have passed a law on data protection. An independent organisation, Data Protection Commission (DPC) has been set up under the Data Protection Act, 2012 (Act 843) to protect the privacy of the individual and personal data by regulating the processing of personal information in Ghana. According to Computer Business Review, data protection breeches by UK business resulted in revenue loss of “£1.2m, which is 13%.
How much do you care about the protection of the customers data you hold? Do you care enough about your brand? Certainly one does not want to put his or her business name into disrepute and yet many businesses are falling foul of the Data Protection Law, Ghana’s data protection is in its infancy and more has to be done to educate businesses and organisations about the importance of data protection in this century. This article will briefly discuss the Data Protection Law and focus on Data Security, one area of the law that has landed a lot of businesses into trouble with the Information Commissioner Office (ICO) in the UK. Ghana has a great opportunity to learn from the best practices from the UK and the West.
Data Protection Act, 2012 (Act 843)
Please visit the Data Protection Commission’s website to learn more about the Data Protection Law http://www.dataprotection.org.gh/data-protection-act a pdf copy is also made available for download. Data Protection Act, 2012 (Act 843) provides 8 principles that must be complied with by all data processors. The Act affects both electronic and non-electric platforms. The eight principles are: Accountability, Lawfulness Of Processing, Specification Of Purpose, Compatibility Of Further Processing With Purpose Of Collection, Quality Of Information, Openness, Data Security Safeguards, and Data Subject Participation.
Some Data Security Tips
• Encrypt your hard drive and USB storage devices, including flash drives.
• Back up your data, you may use cloud solutions but have a policy for users and enforce it.
• Securely erase personal information before you get rid of your computer.
• Have a strong password and different password for all your accounts.
• Make sure you protect your computer and network with a fire wall.
• When you sign up for antivirus choose the full online security option and also provides protection for your mobile devices.
• Make sure the operating system of your computer or Smartphone is up to date.
Influence change in your organisation
It is widely known that human factors played a major role in some of the data protection breaches in recent times. Organisations must develop leaders to make them more agile. A leadership culture will respond to change quickly. In a fast pace world like we live in now, organisations need to invest in leadership to influence change in areas like data protection in the organisation. Whilst leaders inspire their team, managers love to command and control. Leaders are more proactive while managers are reactive and may perform badly in responding to data breach in an organisation. Leaders focus and inspire team to take action managers focus on processes and the work. Focusing on the people may help prevent most of the data breach. Clearly a leadership culture will go a long way to reduce data protection breaches.
Secure Data Erasure
Secure data erasure is a computer software method that overwrites hard drive and other storage media several times by wiping off all electronic data on the device. Delete, formatting is not secure erasure. “Right to erase is not right to delete or format” It is scary to note many people, including some IT Professionals thinks formatting a hard drive is enough to erase data from a computer hard drive. That is far from the truth. There are many tools on the market that will recover data from a formatted hard drive. To completely erase data from a computer one will require specialist software like the Secure Data Erasure solutions from Blancco. Do you have an IT Asset Disposal Policy? How are you planning to erase personal information completely from a broken hardware or computers that have come to the end of their life cycle in your organisation? When choosing a solution, consider solutions that are certified and approved by accredited agencies like Communications Electronics Security Group (CESG).
RTE News, an Irish news website published on 25 FEB 2016 that “a data breach is more damaging to an organisation than the departure of its chief executive, a profit warning or a product recall,” If you run an organisation that processes personal data, the first thing is to register with the Data Protection Commission and invest in data protection training and encourage a leadership culture in your organisation. Dispose of your IT asset responsibly by completely wiping off personal data before it is taken out of service.
Joseph Djokey is an IT Consultant with experience in the British Army and now a Blancco Group Authorized Partner. Joseph helps organisations to permanently erase data to prevent data recovery from unwanted sources.