On Friday, the National Identification and Registration Authority lent Uganda Communications Commission 50 identity card readers which will be distributed to different telecom companies to ease the problem of sim card replacement. However, a civil society organization called Unwanted witness expressed its mixed feelings about the move. Dorothy Mukasa a Chief Executive Officer of Unwanted Witness said data sharing between NIRA and the telecoms was illegal. “You know you are not supposed to give out data wholesomely; there’s supposed to be approval from the board, and then it’s supposed to be shared with the government agencies, not private companies. Now that they are giving people’s private data to agencies that’s a whole lot of violation, I think UCC is acting out of impunity.”
However, NIRA said there was no cause for concern. “NIRA does not share any more information other than what is on your document on your national identity card. Unless they say that your identity card is a document not to be shared or a document to identify you.” Said, Michael Muganga – Public Relations Officer, NIRA. Recently, telecom company MTN was in the spotlight over leaked information relating to mobile money transactions of former Bank of Uganda Director Justine Bagyenda. MTN has since confirmed the breach of confidentiality and accepted that some of its staff acted outside established processes of handling confidential customer information.
The increasing use of internet across the country could see the emergence of cybercrime as a huge threat. Now in 2015, a data protection law was enacted and presented before Parliament and has since stalled until last year when it was reintroduced into Parliament and has since gone silent. “It’s really a danger that without the law. Currently, you can’t take someone to Court for misusing your data. This law should be able to guide when, how much data you should collect, when it should be disposed of, what period of time should you retain this data. Currently, MTN is going to hold onto this data for as long as they want.” Said, Dorothy Mukasa – Chief Executive Officer, Unwanted Witness.
Since the law has not been passed, victims of data confidentiality breaches like Bagyenda have little protection against the misdeeds of large corporations. "And it is also very important for this law to regulate on cross-border data transaction. How much should my data be used outside Uganda" As the situation stands, the confidentiality and protection of Ugandans private data remain an issue that needs more scrutiny from relevant authorities?