Government says it is optimistic that people’s data in the country will now be legally protected following the adoption of Data Protection Bill by Parliament.
According to Minister of Information Moses Kunkuyu, the approved Bill seeks to provide for a comprehensive legal framework for the regulation of the processing and movement of personal data of natural persons, in compliance with internationally accepted principles of data protection.
Kunkuyu said: “There is the data that is being processed every day we are depositing our data in one form or another in many areas, be it for registration of our motor vehicle registration. In the health sector when purchasing things, in many areas, we are depositing our information and that is exposing it to possible fraud.
“That’s why there are many cases of fraud that is happening online or on the phones so there is need for personal data and data of whatever form to be protected. And worldwide countries are moving to have a more comprehensive data protection regime, as Malawi been lagging behind.”
However, the Bill received an uproar from opposition lawmakers following a proposition that the Malawi Communications Regulatory Authority (MACRA) be designated as the Data Protection Authority charged with overseeing the implementation of the Bill.
But reacting to the concerns, Kunkuyu said the Authority is the only government agency which is legally capable of managing data in the country.
“The establishment of an authority and that this bill meant that the authority has to be at some place where it was also established by law.
“We could have thought of taking this to the e-government as a department but now Authority wouldn’t sit under a department, and only institution that remains with the capacity that also has the technical know-how at this point is MACRA,” Kunkuyu said.
The Bill also proposes to provide for the key principles that govern the processing of personal data, namely, the processing of personal data lawfully, transparently and fairly, purpose limitation, data minimisation, data accuracy, storage limitation, data integrity and data confidentiality.