The value of personal data in the online world has significantly increased over the recent years as electronic products, services and processes have become inter-winded in all aspects of our everyday life. The question of transparency and accountability of data handlers including public and private institutions has been the center of debate but with limited understanding and confusion. Among key questions asked by citizens include who is processing our data? Under what legal framework? Are we being asked our consent? Is there a risk of the having our personal data processed out of control of any accountable person or organization or simply becoming exposed to all sorts of privacy threats?.
In Somalia, citizen’s data is in the hands of some public and private institutions, from banks, Telcom industries, businesses and government agencies, large amount of personal and private data is being collected on daily basis. Even though we positively assume that our data is protected and is in the right hands, we need to make sure that all protection and safeguarding policies and regulations are in place and implemented accordingly.
The panelist of this event was Mr Abdiaziz Duwane who is the Director General of Ministry of Communications & Technology (MoCT). Among the participants included Mr Zakaria Ismail head of ICT and e-Government system, MoCT and Mr Ibrahim Isse from the Ministry of Commerce & Industries.
The event started with brief talk delivered by the director general Mr Abdiaziz who first thanked DS for organizing such event and talked about the significant of data privacy and protection policy. “It is an honor to join this forum as panelist and huge thanks to the organizers for bringing this topic to our attention.” He started with his opening remarks. Hen then separated the tittle of the event into parts, data privacy which defines ‘who has access to data’ and the second tile data protection which he mentioned as the mechanism providing tools and policies to restrict access to the data.
the DG spent more time to give further explanation as to why policies and regulatory frameworks are needed to protect data privacy.
“ We need to have compliance regulations in place in order to ensure that user’s privacy requests are carried responsibly by various institutions. Companies and agencies are responsible to take precautious measures to protect private user data” he added.
Speaking about national framework, the DG said “The Ministry is currently working on national data privacy and protection policy to regulate data collection in the country because many actors are in fact processing data and we don’t know exactly know how this data is being used. From national institutions, to private banks, businesses, online business platforms, all are collecting data about personal information, sometimes without seeking consent of the individuals.” He added.
When asked about why data protection is important he responded that “due to sensitivity of the data which may sometimes and in most cases include personal health information and personally identifiable information such as names, numbers, address, location etc. therefore, it’s very important that this data is properly and carefully handled.”He also added that “By protecting data, institutions can prevent data breaches, damage to their reputation, and can better meet regulatory requirements which we want to put in place.”
2- Promote policy that dictates minimum data collection strategy: advocacy and campaigns around policies and regulatory frameworks that dictate minimal data collection is paramount to ensure that institutions are not collecting more than what they need (only necessary information).
3- Capacity building programs: Employees of both public and private institutions should be regularly trained on data protection so they understand the processes and procedures necessary to ensure proper collection, sharing, and use of sensitive data as part of their data security portfolio. They should also be trained on ethics and confidentiality, both of these components are considered the central integrity of data protection.
4- Data Protection Commission (DPC): During the discussion, it was unanimously agreed for Somalia to start the process of having an independent commission on data protection and privacy which will regulate and oversee data collection process across the country. The commission will ensure compliance by data processors and data controllers with their obligations to protect personal information of the citizens.