Has this happened to you or someone you know? You disclose your personal information on trust to a telephone company, a bank or a government office. The next moment, it’s in the grips of a stranger, with disastrous consequences. In the wrong hands, names, pictures, phone numbers, email addresses, borrowing histories, bank and credit card details, etc., have been manipulated for the purpose of annoyance, unsolicited marketing, fraud. Don’t sit back and fold your arms. There’s a way, under Ghanaian law, to keep an eye on telcos, banks, government departments and anybody who chooses to (or must) hold and use your personal information, as well as their ‘agents’ who collect and organise the data. Know your basic rights, and you can shred anyone’s designs to abuse your personal information.
Permission and Purpose
Nobody can collect, work on and use your personal information, unless they first ask for your permission. Even then, they must collect your information directly from you, not from another person. It’s your right to object to any breach of your permission-right and your direct-request rights. A person who collects and uses your data must tell you the specific purpose they need your data for, and keep within that purpose always.
Authorised Use Only
At this moment, people are trying to obtain your personal data for commercial or criminal use. Your partner’s information too. And your children. Your workmates. Everybody. It’s wrong in law for any third party to buy or intentionally obtain your personal information from a ‘collector’. It’s a serious offence to on-sell or release legitimately-held data to a third party. The legitimate holder of your information has no right even to use it to market their activities back to you. The penalties for breaching these rules are stiff (including fines and jail time).
Right of Access
You have the right to be given access to your personal information by a person holding it. Once you can prove your identity, you may request a ‘controller’ or their agent to tell you if they have your personal data, and exactly what they have. And they must answer you. You can even ask for a list of the people they have shared your information with.
Obligations of Holders of Others’ Personal Data
‘Collectors’ of your personal data and their agents owe many duties to you. They must tell you the nature and purpose of the data they want to collect about you before they do. They must provide to you the full identity of the ‘collector’ and ‘processor’ of your data. If you have an option to decline to give your data, they must tell you so. (You don’t always have such an option, as some laws mandate the taking of your data). You must be informed of your right of access to your information so collected. And they mustn’t disclose your information to anybody else, unless the law compels them to.
The remedies for any abuse of your data-protection rights include the stoppage of the breach, your right to insist that wrong or incomplete data be corrected or completed, hefty fines and even prison.
There you have it. A few points on your right to have your person information protected while in the hands of other people. In sum, you have the right to know why they collect your information, what they use it for and who they share it with. Anything they do without your permission and knowledge is an infraction that you can object to, act to restrain, obtain compensation for, and pursue punishment for the perpetrators.