In 2015, the West African nation embraced a National Cyber Security Policy and Strategy, in which it first laid out a long list of concerns:
- Cyber cafes, a primary source of Internet access for many Ghanaians, have become “fertile” for cyberattacks.
- The growth of smart phone usage as well as M-commerce has led to increased mobile phone cybercrime.
- Multiple government websites have also fallen victim to cyberattacks.
- “Sakawa,” Internet fraud that takes advantage of traditional and religious rituals to gain money, continues to be popular and to be under-prosecuted due to an under-resourced and untrained police cybercrime unit and a lack of laws against such acts.
- A coordinated structure for reporting cyber incidences does not exist.
With a vision of creating, “A secure and stable connected Ghana with Internet users working and creating wealth in a safe cyber space, with a well-researched and trained academic and professional community protecting Ghana’s cyber space equipped with global standards and responding swiftly to cyber incidents, and with up-to-date laws and systems in place to efficiently prosecute cyber criminals,” it is clear that the Ghana National Cyber Security Policy and Strategy aims to remedy the aforementioned issues.
Such change, however, won’t happen overnight.
To achieve this vision, Ghana is focused on nine policy pillars, set to be achieved in a 5-year strategic plan between now and 2020. The pillars are: effective governance, a legislative and regulatory framework, a cyber security technology framework, a culture of security and capacity building, research and development towards self-reliance, ensured compliance and enforcement, child online protection, cyber security emergency readiness and international cooperation.
Although Ghana’s nine pillars remain a work in progress, last month’s inaugural Data Protection Conference in Accra demonstrated Ghana’s commitment to work in the present towards a more secure cyber space. The conference, themed, “Creating the Right Balance between the Need for Information and Data Protection,” strived to raise awareness about data protection issues and statutory obligations for data controllers and processors.
The event reminded the hundreds in attendance to adhere to the provisions set out in 2012’s Data Protection Act (Act 843), legislation that has been widely applauded for directly addressing the need for data privacy. Of note, the act establishes data protection principles and guarantees user rights regarding personal information, including the right to access and amend your personal information, to prevent processing of your personal information and to complain to the Data Protection Commission. Unfortunately, Act 843 is not without flaws. The Data Protection Act includes a vague exemption to all provisions of personal data processing when for the good of “public order, public safety, public morality, national security or public interest.” Such loosely defined terms can be—and frequently are—used to infringe upon individuals’ rights.
In the words of Ghanaian Chief Justice Georgina Theodora Wood at the conference, “Privacy fortifies our human dignity and guarantees other key values such as freedom of association and freedom of speech in our society. Our fundamental right to privacy as enshrined under Article 18(2) of the 1992 Constitution cannot and should not be compromised, especially today.”
We agree. The National Cyber Security Policy and Strategy and the Data Protection Act collectively establish Ghana as a leader in cybersecurity and protection of free speech. As we wait to see what that brings, remember your privacy and security remain in your own hands.
Want to know more about data privacy around the world? Read on!