Business News of Thursday, 4 March 2021
Source: Selassie Tay, Contributor
The draft policy which is intended to guide data protection and privacy processes internal to Fintechs was informed by the Data Protection Act (2012) and ISO 27001 by consultants commissioned by the Financial Inclusion Forum Africa.
Discussion at the event drew on the real-life experience of the panels, specifically on the application of the principles and guidelines.
The aim was to facilitate knowledge sharing and to ensure that the principles and guidelines address all aspects of protection – data collection, processing, storage, and sharing. Key feedback received from panels and participants at event was included in the final policy.
Running on computer networks and internet-based technologies, fintechs are exposed to the risk of data breaches which has dire financial and operational consequences. With technology evolving, there is the possibility for people outsmart smart security technologies to get access to bank-card details and nonpublic personal information (NPPI).
Protection and privacy of data has become more imperative now with emerging technologies such as artificial intelligence, blockchain, cloud computing and regulation that requires fintech to occasionally share data with government agencies and each other.
It would be recalled that on November 14, 2018, myjoyonline reported the tussle between the Ministry of Communication and the Central Bank of Ghana over the release of mobile money data to a private contractor, Kelni GVG. In a letter to the Ministry of Communication, the Central Bank explained that handing over such data would breach the Guidelines of Electronic Money Issuers and the Data Protection Act.
According to the Banking Industry Fraud Report (2019), there was 2,295 fraud perpetuated in Ghana with stolen data. It was reported that the various forms of advanced technologies adopted by financial institutions have made the financial sector more susceptible to various risks such as phishing, identity theft, card skimming, vishing, email fraud and more sophisticated types of cyber-crime.
It is events like this which informed the drafting of an internal policy on data protection and privacy to ensure that, fintechs in Ghana are handling data in unison in their operations.
In-line with this, Financial Inclusion Forum Africa implemented this project which was in two parts – the draft policy document and the virtual roundtable discussion of the policy.
The project was funded by the Africa Digital Rights Fund (ADRF) – an initiative of the Collaboration on International ICT Policy in East and Southern Africa (CIPESA).
Commenting on the partnership, Dr William Derban, chairperson of the Financial Inclusion Forum Africa noted that the role data privacy and protection is critical to financial inclusion especially as the use of data in increasingly being used in the development of financial services.
These draft guidelines serve as a template to enable fintechs who are developing such services ensure that all our data is being protected. We are grateful to CIPESA who has supported this endeavour which will go a long way to strengthen data privacy and protection in Ghana and in Africa.
On CIPESA’s part, Ashnah Kalemera, Programme Manager noted that privacy is a growing concern among users of digital services in Africa, including rampant privacy breaches by business entities. The draft guidelines can go a long way in addressing the live issues in protecting the privacy of data in the financial sector in Ghana, if adopted.
CIPESA is pleased to support have supported the work of the Financial Inclusion Forum in this regard.
Through this collaboration, both parties seek to protect consumers and contribute to the integrity of the financial sector.
Financial Inclusion Forum Africa is an African based non-profit organisation contributing to global and national efforts at widening access and deepening usage of financial services for people at the bottom of the social and economic pyramid. Drawing on the expertise of our membership, we shape policies, contribute to knowledge, develop and support solutions to effectively address market problems in the area of financial inclusion.
Founded in 2005, CIPESA was one of two centres established under the Catalysing Access to Information and Communications Technologies in Africa (CATIA) initiative, which was funded by the UK’s Department for International Development (DfID).
CIPESA works to enable policymakers and related actors in the region to understand ICT policy issues, and for various stakeholders to use ICT to improve governance and livelihoods.