Managers and Directors of four data controlling entities have been summoned by the Cybercrime Unit at the Criminal Investigations Department (CID) for failing to register their facilities with the Data Protection Commission (DPC).
The move forms part of a robust mechanism put in place by the DPC, in collaboration with the CID of the Ghana Police Service, to prosecute non-compliant data controllers.
The affected institutions are Marina Shopping Mall, Koala Mall, Best Western Hotel and the Korle Bu Teaching Hospital (KBTH).
A combined team of police officers from the CID and officials of DPC visited the premises of the affected institutions yesterday and gave separate invitations to their managers and directors to proceed immediately to the Cybercrime Unit of the CID for interrogation.
In all the places visited, the team held brief sessions with the managers of the institutions behind closed doors, but they later briefed journalists about the outcome of those sessions.
At the Marina Mall, for instance, journalists were told that the manager of the entity began the registration process 15 minutes before the team got there.
A printed receipt showed that the management of the company had initiated a registration process requiring it to pay GH¢1,500 to the DPC to proceed with the registration.
Best Western Hotel and Koala Shopping Mall had not started any registration process.
The Executive Assistant to the Chief Executive Officer (CEO) of the KBTH, Alhaji Muniru Alhassan, after engaging with the team, explained that a process had been initiated two days earlier to register with the DPC.
"There is a restructuring of the management here, so that has affected operations a bit, resulting in the delay in registration," he said.
‘No turning back’
Meanwhile, the Director in charge of the Cybercrime Unit at the CID Head Office, Dr Herbert Gustav Yankson, said the police would not relent in their efforts to arrest and prosecute all data controllers who failed to meet the requirements of the Data Protection Act, 2012 (Act 843).
"We have educated all data controllers on the need to register with DPC, but unfortunately most of them have still not done so as required by Section 27 of the Data Protection Act, 2012 (Act 843).
"Section 56 also requires that anyone who fails to register should be prosecuted, so we will apply the law appropriately," he said.
The head of Public Relations and Communications at DPC, Mr McDonald Bubuama, said the exercise to arrest and prosecute noncompliant institutions would continue until the last entity was registered with the DPC.
He urged the public to take keen interest in the way their private information was managed by supporting the DPC and the police to enforce the law.
The DPC last week initiated an action to prosecute officials of 177 institutions which function as data controllers but have failed to register with the commission, as required by the law.
The institutions, comprising 25 airlines, 89 hotels, 50 hospitals and 13 shopping centres, violated the Data Protection Act, 2012 (Act 843) which makes it obligatory for institutions that perform functions as data controllers to register with the commission.
The DPC commenced the registration of data controllers on May 1, 2015 and served notices that an institution or individual existing prior to the commencement of Act 843 had three months to comply with the requirement to register.
The three-month period, however, expired on July 31, 2015 and was subsequently extended by another three months, on the request of data controllers.
But many institutions the commission expected to comply with the directive failed to do so.