What you need to know:
It is important to protect your personal data because it can be grossly misused if it falls into the wrong hands.
On a random day, while you are minding your business, your phone pings. It is a text message. The message is from unknown company X asking you to take a loan.
You ignore the text and go on with your business. An hour later, your phone pings again, another message from the same company. This time the message addresses you by name. Now you are truly irked. How did unknown company X get your number, let alone your name?
On the other hand, there is your friend who also receives these messages but ignores them. They couldn’t be bothered. Whatever scenario it is that you are facing, these messages should bother you because it means that someone, somewhere may be misusing your personal data.
Beyond wondering where the company got your information from, it is important to ensure that said company doesn’t use that information without your consent. Not only should it bother you but it is also illegal for any individual or organisation to misuse any personal data.
Uganda’s law provides for the protection of the privacy of an individual and their personal data in the Data Protection and Privacy Act of 2019 and its accompanying regulations.
It defines personal data as “information about a person from which the person can be identified, that is recorded in any form”.
The protection in this law includes making provisions that ensure that anyone who collects or processes personal data is regulated. This is why Uganda set up the Personal Data Protection Office (PDPO), which came into effect in 2021. Every person, institution, or public body that collects or processes personal data is required to register with the office.
This register, which includes the name of the data collector/processor/controller, physical address, what kind of personal data they collect/process, and the reason why they collect/process is open to the public.
You can therefore check the register to ensure that the people or organisations you share with or that use your personal data are committed to protecting your privacy and information.
Besides registering personal data collectors, controllers and processors, PDPO also receives complaints from people who believe that their data protection and privacy rights have been abused. So, if an unknown company X is sending you messages yet you have never shared your contact with them, you can make a complaint. Make sure you keep a record of the complaint you make. If you don’t receive a response from the company within 30 days or you don’t feel satisfied with the response you get, you can file a complaint with the PDPO.
The office reviews these complaints, makes investigations, and takes legal action where a breach is confirmed.
Besides checking the register and making a complaint, you can also take steps to protect your privacy and information. Before you tick that terms and conditions box after downloading an app for example, take time to read the disclaimer usually labelled ‘Privacy’. Apps or websites usually state what they intend to use your personal data for. If you are not comfortable with what is stated, don’t accept the terms.
It is important to protect your personal data because it can be grossly misused if it falls into the wrong hands. Beyond the irritating text messages, personal information can be used to cause physical or mental harm, and your identity can be stolen as we have seen with people who steal phones and use the owner’s SIM card to extort money from family and friends, among other dangers.
Stay informed and safeguard your personal data. Remember that your privacy matters.
Ms Grace Kenganzi is the Manager Public Relations and International Affairs at the Personal Data Protection Office.