Data Protection Act Zambia. The DPA was to regulate data protection in Zambia. This act seeks to ensure that personal information is safe from misuse or abuse.
Rights and Obligations of Data Controller
DPA defines a data controller as a person who determines the purposes for which, and the manner in which, any personal data they need to process.
A data controller shall comply with all of the following:
1=The purpose for which they collect and process personal data; 2=The type of personal data they collect or process; 3=Security and confidentiality measures for the protection of personal data;
4=The period for which personal data will be in their keeping; 5=Any other matter prescribed by regulation; and Any other matter necessary for compliance with the Act.
An individual has the right to request a copy of the following from a data controller:
1=The purpose(s) for collecting or processing his/her personal data; 2=The type of his/her personal data collected or processed; 3=The categories of recipients with whom he can share his personal data ;
4=How long his/her personal will be kept before it is deleted or destroyed, if it is to be deleted or destroyed; 5=Whether he/she has objected to his/her personal information being processed and if he/she has, whether it is being processed nonetheless.
reasons for processing
If this is the case, what are the reasons for processing it notwithstanding his objection?
1=A description of any measures put in place to secure his/her personal information from any misuse, loss or alteration. 2=A description of any mechanism whereby he/she can access his/her information, in electronic form (if applicable). 3=A description of how he/she can access his/her detailed information (if applicable). 4=A description of how he/she can dispute errors in his/her information (if applicable).
5=A description of how he/she can lodge complaints against a data processor (if applicable). 6=The name, address, contact details and registration number of the organization collecting or processing his/her information. 7=A declaration that he knowa his rights under this Act. and whether there is a waiver. 8=A declaration that any false information provided by him was not wilfully done so.
The Right to Object to Personal Data Processing and Disclosure
A data subject has the right to object to the personal data processing of that data subject’s personal information by the data controller and to object to the disclosure of his/her personal information in certain circumstances. They can only process personal information if it is in pursuit of a legitimate interest of the data controller or its agent. And it is does not override the interests or fundamental rights and freedoms of the data subject.
The Right to Access One’s Personal Information
Under Section 6, “access” means providing a person with any information concerning his/her personal information, including:
a=The existence of such personal information; b=The purpose for which the information they need to process; c=The categories of personal information needed; d=The recipients or classes of recipients to whom the personal information has been disclosed, in case such recipients are within Zambia; e=Any other matter prescribed by regulation.
The Right to know on Data Breaches
Section 8 provides that “data breach.” Means an incident involving loss, theft, unauthorised access, disclosure or destruction of any personal data that is the duty of a data controller. In such instances, a data controller shall notify each affected person as soon as reasonably practicable after becoming aware of such a data breach.
A notification under this section shall include:
1=An indication that a breach has occurred;
2=An indication that personal information has been compromised;
3=Advice on the steps individuals should take in response to such notification; and
4=A description of other remedial steps taken or proposed to by the data controller.
Conclusion
The DPA embraces the principles of accountability and transparency, which are the pillars of a democratic state. It is a law that seeks to protect people from abuse by ensuring that the state respects their rights and freedoms. Data controllers must respect and protect the privacy of individuals.
With the rapid growth in technology and its adoption into our everyday lives, data protection has become one of the most important issues facing society today.