The Office of the Data Protection
Commissioner notes the continued unauthorised leaking of personal and
confidential information into the public domain without the consent of the data
controller(s) and individual(s).
Persons are reminded that under
section 6(d) of
the Data Protection Privacy of Personal Information Act (the Act):
“
appropriate security measures shall be taken against the
unauthorised access to, or alteration, disclosure or destruction
of, the data and against their accidental loss or destruction.”
Further, it should be noted that under the
Act, Heads of Department/Ministries are held accountable for data breaches.
This Office will hold Department Heads
accountable and will make every effort to ensure that the individual’s personal
information is not disseminated into the public domain without the consent of
the relevant data controller and the individual(s) concerned. Where it is found that data breaches were maliciously
committed by officers of the data controllers those persons will be prosecuted
in accordance with
section 27 of
the Data Protection (Privacy of Personal
Information Act) 2003.
The public is advised that the Office of
the Data Protection Commissioner is taking proactive steps to establish
connections with the relevant international regulatory agencies to ensure that
unauthorised disclosures of personal data are adequately dealt with.
We are committed to working with all
stakeholders to ensure that the necessary framework and resources which are
required to enable the enforcement of the
Data
Protection (Privacy of Personal) Information Act are achieved.