Bankers have rejected a proposal to have the National Information Technology Authority manage private data of their clients.
Officials from Bank of Uganda and the Uganda Bankers Association, who appeared before the Parliament Committee on Information and Communication Technology instead want the regulatory responsibility of managing private data entrusted with a body other than NITA–U, a government institution.
They presented their position before the Committee, which is considering the Data Protection and Privacy Bill, 2015.
“Our issue with the National Information Technology Authority Uganda is competence, speed of delivery, responsiveness and capacity,” said Agnes Tibayeita, who represented the Uganda Bankers Association.
The Bill seeks to protect data privacy and ensure confidentiality of information provided by individuals to service providers.
Clause 20(b) of the Bill seeks to allow persons to request the identity of any third party that has had access to their data.
Mr Elliot Mwebya, the Executive Director Information Technology at Bank of Uganda, who represented Governor Tumusiime Mutebile, was uncomfortable with NITA-U managing client’s data.
“Does this mean that no person can collect data without informing NITA-U? Does it mean that before I collect data, NITA-U has to clear me?” said Mwebya, in reaction to a clause that seeks to empower NITA-U.
Committee Vice Chairperson Paul Amoru (NRM, Dokolo North) said NITA-U’s capacity would be enhanced.
“It means their [NITA-U] mandate will be expanded by the law to cover that aspect of them being regulators…this Bill is serving a multi-sectoral purpose,” said Amoru.
Some sections of the public have accused the Authority for delays, especially for individuals seeking to replace lost national identity cards. This they argue forces clients to opt for fake documentation so as to avoid the bureaucracy.
Mr Isaac Bonny Teko, the Executive Director Contracts at Bank of Uganda said despite the absence of legislation, they have been resisting the urge to divulge private persons’ data.
“This information [regarding clients] is confidential. Despite having regulatory powers, we insist that the processes are followed and we follow procedure to protect private individual data,” he said.
“The clause risks having malicious individuals obtain personal data relating to third parties based on mere suspicion or even dishonest belief that the third party accessed their personal data,” said the bankers in a statement.
The Bill is set for consideration by the House at its second reading in two weeks.