IMANI is urging the government to adopt seven key safeguards before any new SIM registration begins, warning that without strict limits on biometric storage, data access, and surveillance risks, citizens’ personal information could be exposed, misused, or abused.
As the government sets the stage for a new SIM Registration exercise, policy think tank IMANI is insisting that the process cannot go ahead without firm protections to guard the personal data of millions of citizens.
In a brief on the upcoming exercise, the think outlined seven minimum safeguards it believes the government must enforce to prevent misuse of biometric information, protect privacy, and restore public trust.
IMANI argues that the previous registration exercise left behind too many unanswered questions about data storage, security, and access. It is therefore imperative that mechanisms are put in place to prevent the repetition of past mistakes.
The proposed safeguards, they note, are not abstract demands; they are practical protections that ensure people are safe while the state maintains the tools it needs to fight fraud and crime.
The following are the safeguards as demanded by the policy think tank;
No Biometric Copies Outside the NIA
At the top of IMANI’s “minimum safeguards” is a strict rule that states that biometric data, fingerprints, facial images, or templates must never leave the custody of the National Identification Authority (NIA). Telcos, regulators, private contractors, and any other agencies must be barred from storing or duplicating such sensitive information.
This, IMANI says, is essential because biometric data is permanent; once leaked or misused, it cannot be changed. Keeping it with a single, accountable institution reduces the risk of breaches and abuse.
“All biometric data must remain exclusively within the secure custody of the NIA,” IMANI noted.
Only “Yes or No” Verification Responses
IMANI says the NIA should return only a simple verification result, which is “yes” or “no”, when telcos check a customer’s identity, along with a non-biometric token.
No detailed personal data or biometric templates should be sent back. This protects users from excessive data exposure that could be exploited now or in the future.
IMANI says, “The NIA must return only a simple yes or no verification result together with a pseudonymous, non-biometric token. No biometric data, biometric templates or rich personal data should ever be sent back to telcos or other actors.”
Minimal Data Collection, Anchored in Law
Only essential details, the think tank demands, should be stored in SIM and device registers, and nothing more. Any attempt to gather or keep additional information must be stopped.
This principle, they argue, prevents overreach and ensures that people’s information is used strictly for fraud control and security, not broad surveillance or commercial profiling.
“Any additional, excessive or bulk collection and retention of data beyond this narrow purpose should be explicitly prohibited by law and by regulation,” the brief stated.
No Cross-Matching or Bulk Linkage of Databases
One of IMANI’s strongest warnings concerns the linking of identity data with call records, mobile money history, or location logs. Without clear legal limits, it fears such linkages could create a powerful surveillance tool capable of tracking citizens’ movements and associations.
They say Parliament must outlaw any non-consensual bridging of databases and require explicit approval and strict safeguards for any new use.
“Parliament must prohibit and render unlawful the non-consensual linking or bulk bridging of identity databases with telecom usage data, including calls, location, devices, and mobile money, for political profiling, informal surveillance, mass linkage or unrelated commercial purposes,” it further stated.
Court Warrants Before Accessing User Data
IMANI also wants a rule that law enforcement agencies can only access identity-linked SIM or device information with a court warrant, except in rare, life-threatening emergencies. Even then, any emergency access must be reviewed afterward.
This, they argue, protects innocent citizens from improper monitoring.
Tamper-Proof Audit Logs and Independent Oversight
Critical among IMANI’s safeguards is the demand that every access to user data must generate a record that cannot be deleted or altered. These logs should be available to the Data Protection Commission, which must monitor compliance and publish regular transparency reports.
Civil society and technical experts should also be part of the oversight system. This safeguard, IMANI notes, acts as a deterrent, knowing that every access attempt leaves a trace discourages abuse.
The think tank says, “Every access to identity-linked SIM or device data must generate a tamper-evident audit log that cannot be altered or deleted, and that is available to the Data Protection Commission.”
Citizens Must Be Able to Check What Data Is Held About Them
Finally, IMANI is asking for a user-friendly system, either via a secure portal or USSD code, that lets every citizen check what information is stored about them. People should also be able to confirm that any old biometric data from the previous registration exercise has been deleted.
This measure is crucial, they say, because transparency builds trust and gives citizens control over their own information.
“Citizens must have a clear mechanism, such as a secure portal or USSD code, to check what data are held about them in the SIM and device registers and to confirm when legacy biometric data has been deleted. This right of access and verification should be anchored in Act 843 and any new digital rights legislation,” it added.
The Bottomline
The think tank argues that without these seven safeguards, the new SIM registration process risks becoming another exercise that exposes citizens to data misuse, political profiling, or surveillance.
Since millions of Ghanaians depend on their phones for communication, banking, business, and everyday life, IMANI believes safeguarding personal data is not optional; it is a national obligation.
They insist that the government must commit to these protections openly and in law before asking citizens to register again.
Source: The High Street Journal
