Business entities invest huge sums of money into data protection due to competition from competitors and the prevalence of fraud and scams targeting their data bases.
Some of the data can be used to the disadvantage of the firms if it landed in the hands of their competitors or wrong elements.
However, this isn't the case with Tight Security Limited, one of Uganda's largest private security firms. URN has over the past four months collected a number of documents from Tight Security Limited detailing their operations. The documents bear the number of guards routinely deployed at particular stations, number of guns and radios.
They also detail the physical address of their clients including residential premises, businesses, and arcades, education and health institutions and Non-Governmental Organizations. Some of the clients listed in the pile of the data sheets collected by our reporter include Cavendish University, National Union of Disabled Persons of Uganda (NUDIPU) premises, Nile Medicare Ltd, Bukoto Complex Phase II and Alliance Media Uganda among others.
The sensitive security documents end up with snack vendors in the Kamwokya suburbs who use them to wrap eats such as chips, samosas, rolex and mandazi for their customers. On January 23, 2019, our reporter obtained an April 23, 2018 data sheet detailing the deployment of guards at Sugar Corporation of Uganda Limited (SCOUL), a member of Mehta Group of Companies and one of the leading sugar producers in the country.
The data sheet signed by the Tight Security deployment officer Christopher Masiga lists different areas of deployment for the night shift at the Lugazi-based sugar factory - including the main gate, warehouse, spray pond, new weigh bridge, boiler and kitchen fabrication workshop. This particular deployment involved 54 guards and the number of weapons signed out for duty.
Analysis of data from the documents shows that of the 56 guards deployed at the factory that night, only 18 were armed with rifles while the rest had either batons or some other weapons. On January 30, 2019, URN received another batch of documents from Tight Security detailing deployments at various institutions in Lubaga and Makindye divisions in Kampala.
This includes number of guns and guards deployed at Kiri Bottling Company, Shumuk forex bureau and Fotogenix Limited among other clients. Another document obtained on February 11, 2019 from the same firm, detailed the particulars of deployments in Tembo Steel in Tororo, Kiboko Enterprises, Kawacom factory and Kakira Sugar depot among others.
When contacted to explain how such sensitive company information easily ends up on the streets, James Wangoda, the chief operations manager Tight Security Limited pointed to possible leakage and promised to investigate the matter. He shuddered upon seeing the oily packaging bags produced using their company data sheets.
"That is something I have to follow up with the archives because we have an archive where we store those documents for a certain period of time…security documents should be destroyed by burning. The fact that they have reached this level means there was some leakage and I have to investigate who leaked out these documents and at what stage." said Wangoda.
According to Wangoda, the company is expected to store the documents for six months before they are disposed of in a responsible manner. However, some of the documents obtained by URN are three months old. He also claimed that they use codes in their deployment documents.
Police spokesperson, Fred Enanga said the leaked documents signal sloppiness in the way the security firms handles vital documents.
However, this isn't the case with Tight Security Limited, one of Uganda's largest private security firms. URN has over the past four months collected a number of documents from Tight Security Limited detailing their operations. The documents bear the number of guards routinely deployed at particular stations, number of guns and radios.
They also detail the physical address of their clients including residential premises, businesses, and arcades, education and health institutions and Non-Governmental Organizations. Some of the clients listed in the pile of the data sheets collected by our reporter include Cavendish University, National Union of Disabled Persons of Uganda (NUDIPU) premises, Nile Medicare Ltd, Bukoto Complex Phase II and Alliance Media Uganda among others.
The sensitive security documents end up with snack vendors in the Kamwokya suburbs who use them to wrap eats such as chips, samosas, rolex and mandazi for their customers. On January 23, 2019, our reporter obtained an April 23, 2018 data sheet detailing the deployment of guards at Sugar Corporation of Uganda Limited (SCOUL), a member of Mehta Group of Companies and one of the leading sugar producers in the country.
The data sheet signed by the Tight Security deployment officer Christopher Masiga lists different areas of deployment for the night shift at the Lugazi-based sugar factory - including the main gate, warehouse, spray pond, new weigh bridge, boiler and kitchen fabrication workshop. This particular deployment involved 54 guards and the number of weapons signed out for duty.
Analysis of data from the documents shows that of the 56 guards deployed at the factory that night, only 18 were armed with rifles while the rest had either batons or some other weapons. On January 30, 2019, URN received another batch of documents from Tight Security detailing deployments at various institutions in Lubaga and Makindye divisions in Kampala.
This includes number of guns and guards deployed at Kiri Bottling Company, Shumuk forex bureau and Fotogenix Limited among other clients. Another document obtained on February 11, 2019 from the same firm, detailed the particulars of deployments in Tembo Steel in Tororo, Kiboko Enterprises, Kawacom factory and Kakira Sugar depot among others.
When contacted to explain how such sensitive company information easily ends up on the streets, James Wangoda, the chief operations manager Tight Security Limited pointed to possible leakage and promised to investigate the matter. He shuddered upon seeing the oily packaging bags produced using their company data sheets.
"That is something I have to follow up with the archives because we have an archive where we store those documents for a certain period of time…security documents should be destroyed by burning. The fact that they have reached this level means there was some leakage and I have to investigate who leaked out these documents and at what stage." said Wangoda.
According to Wangoda, the company is expected to store the documents for six months before they are disposed of in a responsible manner. However, some of the documents obtained by URN are three months old. He also claimed that they use codes in their deployment documents.
Police spokesperson, Fred Enanga said the leaked documents signal sloppiness in the way the security firms handles vital documents.
"It calls for more vigilance on destruction of records. And of course companies that are organised I have seen they really ensure that all the papers are burned to ashes. They really ensure that that information doesn't leak. So it depends on the level of organization and vigilance of a particular company," Enanga said in an interview.
He said that such leakages are prompted by the monetary value attached to used stationery especially for companies involved in recycling.
The recently passed Data Protection and Privacy Act, 2015 provides that companies dispose off the data between two to five years depending on the purpose for, which it was collected. It also provided a fine of two per cent of the company's annual gross turnover or revoking the license for breach of the law.
Annet Nyakecho, the chairperson of the Information and Communication Technology and National Guidance, faults the security firm for failing to protect the client's information.
"It is very wrong for a company to misuse people’s data, throw it up and down. It is a very very bad thing, actually right now under the law, they are culpable. It depends for the purpose which the data was collected. If the purpose was for deployment or recruitment or whatever it is and maybe the company has finished that phase, then their method of disposal should not be in such a way that they throw it to people in the streets." Nyakecho said.
Nyakecho opines that deployment sheets should be kept confidential so that companies are not exposed to risk of attacks by robbers.
"When you say I'm deploying two guards here, you are risking…If someone comes across such information, it means the thieves can organize more than the number you have deployed. It is a risky thing, that data is supposed to be kept confidential. That particular information should not fall into hands of anybody….Maybe it is a question of sensitization of people and companies because some companies don’t know what they are supposed to do with people’s information." Nyakecho said.
Information and Communications Technology minister, Frank Tumwebaze, says the purpose of the new data protection law is to protect the privacy of the individual and personal data.
This according to Tumwebaze will be achieved by regulating the collection and processing of personal information and to provide for the rights of the persons whose data is collected and the obligations that relate to data collection, processing and data controllers.
He said that such leakages are prompted by the monetary value attached to used stationery especially for companies involved in recycling.
The recently passed Data Protection and Privacy Act, 2015 provides that companies dispose off the data between two to five years depending on the purpose for, which it was collected. It also provided a fine of two per cent of the company's annual gross turnover or revoking the license for breach of the law.
Annet Nyakecho, the chairperson of the Information and Communication Technology and National Guidance, faults the security firm for failing to protect the client's information.
"It is very wrong for a company to misuse people’s data, throw it up and down. It is a very very bad thing, actually right now under the law, they are culpable. It depends for the purpose which the data was collected. If the purpose was for deployment or recruitment or whatever it is and maybe the company has finished that phase, then their method of disposal should not be in such a way that they throw it to people in the streets." Nyakecho said.
Nyakecho opines that deployment sheets should be kept confidential so that companies are not exposed to risk of attacks by robbers.
"When you say I'm deploying two guards here, you are risking…If someone comes across such information, it means the thieves can organize more than the number you have deployed. It is a risky thing, that data is supposed to be kept confidential. That particular information should not fall into hands of anybody….Maybe it is a question of sensitization of people and companies because some companies don’t know what they are supposed to do with people’s information." Nyakecho said.
Information and Communications Technology minister, Frank Tumwebaze, says the purpose of the new data protection law is to protect the privacy of the individual and personal data.
This according to Tumwebaze will be achieved by regulating the collection and processing of personal information and to provide for the rights of the persons whose data is collected and the obligations that relate to data collection, processing and data controllers.