Monday, 9th March, 2026
Hon Abed-Nego Lamangin Bandim
Bunkpurugu
Mr Speaker, I thank you for the privilege to deliver this vital Statement in commemoration of Data Protection Week, which was last week, of which Mr Speaker, you were invited to partake, and the Second Deputy Speaker ably represented you and made a Statement on your behalf.
Mr Speaker, this is a pivotal occasion. It is dedicated to elevating national awareness, advancing fundamental policy rights, and rigorously strengthening institutional compliance. In an era where digital information drives sovereign governance and economic development, our responsibility is clear. Safeguarding the personal data of our citizens has never been more urgent. This House is the ultimate embodiment of democratic accountability. We recognise that the trust reposed in us by the Ghanaian citizens extends beyond legislation and oversight. It demands the absolute, uncompromising protection of their digital identity.
In furtherance of this mandate, the Data Protection Commission, alongside the Ghana Association of Privacy Professionals, has adopted a compelling theme, which is: “Your Data, Your Identity, Building Trust in Ghana’s Digital Future”. This will anchor a comprehensive month-long series of national celebrations.
Mr Speaker, this initiative reaffirms our collective commitment to the Data Protection Act of 2012, (Act 843). The principles of (Act 843) are unequivocal. Personal data must be processed lawfully, fairly, and transparently. It must be collected exclusively for specific, legitimate purposes. It must remain accurate, secure, and retained strictly within statutory limits. Compliance is not merely a bureaucratic duty. It is a moral imperative. It underscores our profound respect for the digital autonomy and freedoms of every Ghanaian.
We must acknowledge a hard truth about our interconnected digital ecosystem. Catastrophic data breaches are no longer just technical failures. The most severe vulnerabilities are human and behavioral. They stem from weak cybersecurity practices, sophisticated phishing attacks, and the careless handling of official information. They also arise from exposing personal data on platforms like Facebook, X, TikTok, and WhatsApp. These platforms are invaluable for public engagement. Yet, they remain highly porous channels.
Sensitive information can be unintentionally disclosed, algorithmically manipulated, or maliciously exploited. The sophistication of cyber threats is escalating. Synthetic identity theft, digital impersonation, and unauthorised data harvesting demand uncompromising vigilance from all of us. The relentless work of our regulatory bodies highlights an absolute necessity: we need continuous education, responsible digital conduct, and strict adherence to security protocols. Data protection is not a technological dilemma we can simply outsource to IT departments. It is a fundamental human responsibility. It requires discipline and accountability at every echelon of institutional activity.
Mr Speaker, the late Dr Kofi Annan profoundly observed: “Knowledge is power. Information is liberating. Education is the premise of progress, in every society, in every family”. This timeless wisdom reminds us of a critical balance. The digital flow of information empowers our institutions and our citizens. But it must be managed with utmost responsibility. We must ensure its power serves the public good, rather than undermining our national security or compromising individual privacy.
Mr Speaker, Parliament handles vast quantities of highly sensitive information daily. We process restricted administrative records, citizen petitions, confidential committee documentation, and witness testimonies. The very nature of our work demands the highest echelons of data privacy protection. It is incumbent upon us to guarantee our data architectures are fortified. We must protect them against unauthorised access, misuse, or catastrophic loss. Strengthening our internal systems is essential for legal compliance. More importantly, it is vital for preserving unwavering public confidence in the integrity of this House.
In October 2025, the Select Committee on Information and Communications conducted a comprehensive working visit to the Data Protection Commission. The Committee was thoroughly briefed on the Commission’s achievements, its ongoing projects, and its pressing operational challenges. We witnessed firsthand the hurdles they face in policing our digital economy. In response, we pledged our mutual, bipartisan support to their national campaign on data protection.
Mr Speaker, the Data Protection Commission has issued a formal declaration. 2026 marks the definitive beginning of a full-scale, punitive enforcement drive. The era of regulatory leniency is unequivocally over. Parliament has demonstrated exemplary leadership in the face of this paradigm shift. We have formally appointed a Data Protection Supervisor. We remain resolute in upholding the fundamental tenets of privacy across all our operations. The Commission is rapidly scaling up punitive measures against noncompliance. Under section 56 of the Act, these include severe fines and potential imprisonment.
Therefore, I strongly urge my esteemed colleagues who engage in private enterprise outside this House: ensure your organisations are strictly compliant. All businesses in Ghana must adhere to Act 843. They must register immediately with the Data Protection Commission. Throughout this month, a diverse array of activities will be undertaken nationwide to sensitise citizens on data protection. Here in Parliament, Hon Members, Staff, and stakeholders will actively participate. These engagements will deepen our technical understanding. They will reinforce administrative accountability. Above all, they will cultivate a resilient culture of privacy consciousness across all facets of parliamentary operations.
Mr Speaker, I conclude with a charge to all Hon Members and staff of Parliament. Actively engage in the activities planned for this critical initiative. Integrate core data protection principles into your daily workflows. Let us unequivocally demonstrate that the Parliament of Ghana leads by example. We must safeguard the personal information of our constituents. We must uphold the highest standards of confidentiality, integrity, and responsibility in all that we do. Mr Speaker, I thank you.
Hon Patrick Yaw Boamah
Okaikwei Central
Thank you very much, Mr Speaker, for the opportunity to make some comments on the Statement ably made by my Colleague from Bunkpurugu.
Mr Speaker, Data Protection Act, 2012 (Act 843) was passed in 2012, and I think it is about time that, with the developments in the world and the coming into force of social media which has taken over the traditional media space, it underwent some reforms and to bring the Act in conformity with the global trend.
Mr Speaker, data has been collected from us by the National Health Insurance Authority, the Driver and Vehicle Licencing Authority, National Identification Authority, the National Communications Authority, Birth and Death Registry, and other agencies of state. Data, we say, is gold, and if you read section 96 of the Act, the definition of data has been expanded, and with your kind permission, Mr Speaker, I would read just a couple for us to appreciate what we are talking about.
I am reading from the section on Interpretation, “Data means information which: a. is processed by means of equipment operating automatically in response to instructions given for that purpose; b. is recorded with the intention that it should be processed by means of such equipment…”.
Mr Speaker, there are sanctions regimes attached to the Act, which also enjoins the Minister for Communication, Digital Technology and Innovations to come to the House with some regulations to see to the implementation of this Act. Anyone who violates the use of someone’s data or without going through the right processes is required to pay about GH₵60,000 or face a sentence of not less than 10 years or both.
Mr Speaker, there are legislations and laws that govern data protection. But in our country, you realise that people just abuse people’s data, use them anyhow without any sanctions or enforcement. And that requires the law enforcement agents to be trained professionally, because you have data of kids, Members of Parliament, chiefs and very prominent people and other members of society being used and abused for financial purposes without recourse to the enabling Act.
It is a call in the right direction by the maker of the Statement for us to appreciate the need for data protection and also enforce the cybersecurity laws of this country to protect our image and our kids going forward. I thank you very much, Mr Speaker, for the opportunity.
Hon Hamza Adam
Kumbungu
Thank you, Mr Speaker. I am enjoying Leadership here as available Leader. Let me commend the maker of the Statement for bringing to fore a very important subject matter which has to do with data protection.
Mr Speaker, we all know that data is a very critical need for the development of our country. It is important for planning; it is important for economic development; it is important for growth. So, it becomes very important that we cannot do without data.
Unfortunately, Mr Speaker, technology today has made data to be very vulnerable to destruction. A lot of people now can because of technology infiltrate into people’s data, so, Mr Speaker, you and I remain naked because of the technology we have today. And if we do not take steps to ensure that we protect data, no one is safe. If we watch the war that is happening in the Middle East, we would see that it is because of the data countries have of other countries, that is why they are able to set and target them from 2,000 miles away. They sit in their room and target somebody and because of the data, the fellow has been able to infiltrate and track. So, it is important that we pay attention to data.
Mr Speaker, in this country, a lot of people do not have understanding of how it works and so for that matter, we see people just giving themselves out and making it easy for people to go through their data. And so, in recent times we find the very bad side of people’s bodies being leaked in the social media. It is because of the fact that they do not understand how it works. So, I think that we need to do a lot of sensitisation.
Days like this, it is important we take advantage and sensitise people to understand how data works today so that when they are holding their phone, they know how to manage their data. Even those who are supposed to collect data know what they are supposed to be doing, because if one is tasked to gather data, the person is supposed to ensure that they uphold to truthfulness, confidentiality and ensure that they protect the identity of the people whose data they have collected.
People do not know this so if we take steps to ensure that we sensitise the public on days like this for people to understand the need to protect data, I think that will be helpful, Mr Speaker, to wrap up, the laws we have in this country have adequately addressed that of data protection. We have enough laws. Some of them have been mentioned by my senior Colleague over there. He has enumerated a number of laws, but how to enforce this is the problem.
So, I want to strongly recommend that those who are responsible in enforcing, deal with people who are found to breach these regulations are properly handled and I am sure it will serve as a deterrent to those who probably have the intention of going into that.
With these few words, I thank you for the opportunity, Mr Speaker
Hon Abdul Kabiru Tiah Mahama
Walewale
Mr Speaker, I would want to commend the Chairperson of my Committee for that Statement and also let me add that, we participated in the Data Protection Conference and the presentation and discussion brought to the fore, the need for us to look at the Data Protection Act, 2012 (Act 843), which Hon Patrick Boamah has alluded to, was one of the cardinal outcomes of that particular conference, the need for us to review, re-examine the current legislative framework guiding the protection of data.
Mr Speaker, since 2012, and following the enactment of the Data Protection Act, 2012 (Act 843), Parliament has been consistent in every single legislation we passed in this particular House, reflect adequately the need for data protection and I would want to commend the House of Parliament for that consistency, that we made the law and in fidelity to that law, and in being consistent with the dictates of that law, we provide for every single subsequent law we are making in this House, the need for adequate safeguards.
Mr Speaker, Act 843 provides for protection by any person or institution that is responsible for the collection and processing of data to provide some safeguards and that is why within the Act, there are requirements for data controllers to be registered with the Data Protection Commission.
Mr Speaker, this again, I want to note that Parliament is one of the few institutions that have adequately regularised and made same the registration of our data system, by making sure that as a data controller, we register with the Data Protection Commission. The issues about data protection are so serious. They are serious because every now and then we go to social media, and see the display without any sense of hiding the identity of people, valuable and vital information of persons, people splash this information of individuals, including politicians, in the public space. I think this is not what the law actually envisioned.
The law actually wanted to protect us against free flow of personal information in a manner that is not prescribed by law and to see people still in the habit of exploiting and mining personal data of persons and putting same in the media or putting same in public spaces without the requirement of the law, is something that we need to look at seriously. The problem is that almost every single institution in Ghana is actually processing or collecting data in one way or the other.
A data of one sort or another is going to be processed or collected even if they are data of one’s employees, they still constitute part of the data of the person and I think that if we do not do something about this, a time will come that people will not feel safe about providing their data to institutions or persons responsible for the collection of this data.
Mr Speaker, the last thing I want to draw your attention to on this particular subject is the need for us, which has actually been of a flop that contingent to this is also the right of the person, to know that our information is actually safe. Mr Speaker, with these few words, I would like to thank you very much for the opportunity.
AskParly