The Government of Uganda is in advanced stages of putting in place a law to protect personal data collected by both government and private sector. The parliament will soon start scrutinizing the Bill.
Dubbed the ‘Data Protection and Private Bill 2015’, the Bill was tabled on the floor of Parliament on April20, 2016, by David Bahati, the then State Minister of Finance in Charge of Planning for first reading.
The country’s Speaker Rebecca Kadaga referred the Bill to the Parliamentary Committee of Information Communication Technology (ICT) for scrutiny.
Drafted by the former ICT Minister John Nasasira in 2015, the Bill seeks to protect personal data by regulating its collection, processing and users of such information. It gives effect to article 27(2) of the constitution that provides for principles of data protection and recognizing the rights of the persons from whom personal information is collected, processed and used.
Paula Mary Turyahikayo, the Chairperson ICT Committee Chairperson noted that currently, there is no legal framework that regulates how personal information is collected, processed, and used by the people entrusted with the data.
She warned that if a legal frame work isn’t put in place to govern the integrity, use, storage, and access to the data collected which is private in nature, there is a likely hood that the data collected will be abused or misused in absence of a legal frame work users.
At the moment, only article 27(2) of the Constitution provides for the privacy of persons with the clause spelling out that no person shall be subjected to the interference of the privacy of that person’s home, correspondence, communication or other property however it is being abused by different players.
The Bill comes at the time when Telecom players were ordered to register all its subscribers with Government arguing that the move is intended to enforce security and deter terror activities in Uganda.
A number of players are to interface with the Committee among them includes; the Telecom players, Security bodies, medics, who keep patients personal medical data among others.
The Bill also proposes that the National Information Technology Authority-Uganda (NITA-U) an autonomous statutory body established under the NITA-U Act 2009, to coordinate and regulate Information Technology services in Uganda.
It will monitor persons and bodies collecting data to ensure that personal information is collected, processed, stored and used in accordance with article 27(2) of the Constitution.
The bill sets a penalty of imprisonment not exceeding ten years or a fine not exceeding two hundred and forty currency points for a person who unlawfully obtains and discloses personal data.
It also deters sale of personal data by any person and set a penalty of imprisonment not exceeding ten years or a fine not exceeding two hundred and forty five currency points.