Audio By Carbonatix
The National Identification Authority (NIA) has issued binding guidelines governing how organisations that access data from the National Identity Register (NIR) must store, secure, and eventually dispose of that personal information, effective Thursday, March 19, 2026.
The guidelines, issued under the authority of the National Identity Register Act, 2008 (Act 750) as amended by Act 950 of 2017, are directed at so-called "user agencies", the banks, telecoms companies, government institutions, and other bodies that routinely pull personal data from the NIR for administrative and verification purposes.
The NIA said the guidelines are designed to "ensure that personal information is stored and retained securely and only for as long as necessary," while promoting responsible data management and minimising "the risks of unauthorised access, misuse, or loss of data."
The authority added that the guidelines are intended to ensure compliance with Ghanaian law and alignment with international standards on data protection and information security.
The legal basis for the guidelines rests on Sections 59 and 61 of Act 750, which mandate the NIA to prescribe retention periods for personal information used by user agencies and to guide on how that data should be handled once collected.
In practical terms, this means agencies that collect NIR data, whether for SIM card registration, financial services onboarding, or public sector administration, will now be required to operate within a clear regulatory framework that sets limits on how long they can hold that data and what security standards they must meet while doing so.
The move comes as Ghana continues to deepen its digital identity ecosystem.
The Ghana Card, which the NIA issues, has become a central fixture of everyday life, required for everything from opening a bank account to accessing government services and registering a mobile number.
The sheer volume of personal data flowing through user agencies as a result has made clear data governance rules increasingly urgent.
Ghana's Data Protection Act, 2012 (Act 843) already places general obligations on organisations that process personal data.
User agencies are expected to study and implement the guidelines with immediate effect from Thursday, March 19, 2026.
Latest Stories
-
Finance Ministry set to give clearance for recruitment of 450 new NSA staff
52 minutes -
Sand winners urged to comply with environmental regulations
1 hour -
Civilians as Fuel for Sudan’s War: The bloodshed of children and women continues in Darfur
2 hours -
Bees kill a three-year-old boy, injure 10 in Agona Swedru
2 hours -
Brazil President endorses Ghana’s Reparations push at UN
2 hours -
GPL 2025/26: Eleven Wonders earn 2-2 draw against Samartex
2 hours -
Legal analysis of CAF Appeal Board decision on Morocco vs. Senegal AFCON final chaos
3 hours -
44 Ghanaians rescued from fraudulent recruitment network in Nigeria – Foreign Affairs Ministry
6 hours -
Odumasi Health Centre appeals for standby power plant to safeguard healthcare delivery
6 hours -
2025/26 Women’s FA Cup: Hasaacas Ladies beat Jonina to set up Army Ladies final
6 hours -
Journey to Destiny Ministries breaks ground for 90-bed dormitory for orphans at Journey Center – Ghana
6 hours -
Health Minister reaffirms commitment to ending ‘No Bed Syndrome’ after Korle Bu visit
6 hours -
Afram Plains youth rally behind Mahama’s Farmers’ Service Centre initiative
6 hours -
Investments underway to boost tomato production despite export concerns – Gov’t
6 hours -
2025/26 Women’s FA Cup: Army Ladies thump Samartex Ladies to reach final
7 hours