NCRA facilitates discourse on Data Protection & Policy Bill
By Ibrahim Tarawallie
The National Civil Registration Authority (NCRA) has on Thursday December 3, 2020 facilitated a stakeholder’s discussion on the draft Data Protection and Policy Bill.
The meeting at the Ministry of Finance conference room brought together representatives from the Rights to Access Information Commission, Ministry of Information and Communications, Human Right Commission of Sierra Leone, Immigration Department, Civil society and other players.
Welcoming participants, Director General NCRA, Mohamed Massaquoi said with the support of the United Nations Development Programme (UNDP) and the European Union, they have been collaborating with some MDAs for the development of the draft document.
He said after the western area engagement, NCRA will move to the other four regions to update them about what have been achieved so far.
“Some institutions have to share data but the privacy of data is a concern, hence the need for us all to discuss this draft bill and policy so as to have a better document at the end of the day. We need your inputs and the reason for this meeting,” he said.
The Consultant, Emmanuel Saffa Abdulai stressed the need for data protection, which was why the document has been drafted for stakeholders input.
He said a bill has been drafted together with a policy that should have the contributions of key stakeholders across the country.
“Our purpose here is to talk to MDAs as we all know you have been doing different work and keeping various data. The objective of the policy is to inform the development of privacy and data protection law and facilitate statutory and regulatory compliance and enhance effective application of proposed law in Sierra Leone,” he said.
According to him, the policy will ensure compliance with the international good practices and also ensure consistency in practices and procedures in development and administering the privacy and data protection laws.
Saffa Abdulai noted that the scope of the policy set out the requirement for the protection of personal data in manual, electronic or any other form. The policy, he said shall be the overarching guiding document in relation to maters of privacy and data protection. He added that the policy applies to any personal data which is processed or controlled by people.
The Consultant noted that the principles of the policy stipulated that data collection regarding the processing of personal data shall be transparent.
“A data controller processor should practice transparency so that the data subject will be sufficiently informed regarding the processing of personal data. Personal data shall be adequate, relevant and limited to what is necessary in relation to the purpose of which the data will be used,” Mr. Abdulai explained.
Mr. Abdulai said there shall be a designate data protection officer to handle all matters of data protection and that anyone involved in data processing or the control of data, shall develop security measures to protect data.
“The office of data protection regulator should be an independent body responsible for upholding the information. Implementation of this policy will be gradual and in phases. This policy shall be review every five year or more frequently if appropriate to be consistent with future development industry trend,” he said.