On 17 October 2024, the Uganda Institute of Banking and Financial Services (UIBFS) organized its first-ever Data Governance Forum. The hybrid event was themed “Data Governance and Risk Management: Discussing Regulatory Requirements and How to Mitigate Data-Related Risks.” The primary objective of the conference was to provide a comprehensive understanding of data governance within organizational settings.
Speaking at the event, the CEO of UIBFS, Mrs. Masadde Goretti, emphasized that the Institute’s mandate is to promote professionalism and continuous learning in the banking and finance sector, which is achieved through initiatives like this forum.
“Data governance has become essential in today’s data-driven world, particularly in an industry that manages people’s finances. Managing data accurately and securely is crucial for gaining a competitive edge and maintaining trust and compliance within the sector. This forum will equip us with strategies to meet regulatory requirements and mitigate data-related risks,” she stated.
The event commenced at 8:00 am EAT with Ms. Milly Nalukwago Insingoma, Director of Statistics at the Bank of Uganda, delivering the keynote speech. She emphasized the importance of “Data Governance and Data Quality in Gaining a Competitive Advantage.”
Ms. Nalukwago highlighted the critical need for participants in the banking and financial sector to be well-versed in data governance and data quality. She pointed out that this knowledge would distinguish them from other players in the economy, both locally and globally.
“Being equipped with a deep understanding of data governance and quality is no longer optional—it is the foundation for staying competitive in a rapidly evolving global landscape,” she stated.
In the first quarter of 2023, Statista reported that 6.41 million data records were leaked worldwide due to data breaches, affecting millions of individuals. Data breaches, which expose confidential information to unauthorized parties, occur not only through the Internet but also via Bluetooth and text messages. These incidents affect individuals, businesses, and even government entities, underscoring the importance of strong data governance and risk management.
Data governance and risk management is a critical focus in today’s digital age, where organizations generate, process, and store vast amounts of data. It ensures that data is accurate, secure, and used responsibly, while risk management addresses potential threats and vulnerabilities related to data misuse.
Implementing effective data governance and risk management practices is essential for organizations to comply with regulatory requirements, safeguard sensitive information, and build customer trust. With data breaches and cyber threats becoming increasingly common, failing to prioritize these areas can result in financial losses, reputational damage, and legal repercussions. Therefore, individuals and organizations must stay informed on how to mitigate these risks to remain competitive and secure in a data-driven world.
The forum featured thought leaders from a variety of industries and provided participants with insights into key topic areas in data governance and risk management. Among the notable speakers was Ms. Edna Kasozi, Manager of Licensing and Legal Affairs at Uganda’s Personal Data Protection Office (PDPO), who spoke on “Navigating the Complex Landscape of Data Privacy Regulations: Best Practices for Ensuring Compliance and Avoiding Penalties.”
In her session, Ms. Kasozi discussed Uganda’s legal framework, including the Data Protection and Privacy Act, which safeguards personal data. She emphasized essential principles that organizations must follow:
“Organizations must be fully accountable to the data subject for the personal data they collect and process,” Ms. Kasozi stated. She further highlighted that data must be collected and processed fairly and lawfully, without infringing on the rights of the data subject.
“Only relevant, adequate, and necessary data should be collected and processed,” she added, emphasizing the principle of minimality. She also stressed the importance of retention, noting that personal data should only be kept as long as required by law or for its specified purpose.
“Data subjects must be informed and involved in the process, ensuring their rights are upheld,” Ms. Kasozi explained, underscoring the principle of transparency. Lastly, she highlighted that organizations must protect personal data against loss, misuse, and unauthorized access, reinforcing the principle of security.
Mr. Osbert Osami, Head of ICT – Advisory, Research, and Strategy at Centenary Technology Services, discussed “Data Lineage and Impact Analysis: Understanding Your Data’s Journey”. He emphasized the role of impact analysis in evaluating how changes in data can affect processes, decision-making, and compliance.
Mr. Elly Beingana, Manager of MI Automation & Analytics at Stanbic Bank, spoke on the topic “Data Governance Implementation: Developing a Data Governance Strategy, Building a Data Governance Team, and Creating Data Governance Policies.” He began with a relatable analogy:
“What is the purpose of brakes when driving a car? Brakes allow us to drive faster, when you know your brakes work, you feel confident driving at higher speeds. Similarly, data governance enables your business to grow faster by ensuring your data is well-managed. Your data must be valid, complete, and meet standards like accuracy and transparency, aligning with your organization’s core principles.”
He emphasized the importance of having data stewards in each department to tackle data-related challenges. “As the data team, we can collaborate to find solutions, which helps educate everyone on the significance and value of data governance,” he explained.
Elly highlighted that effective data management starts with identifying basic requirements. “It’s crucial to ensure data safety, prevent data loss, and maintain strict compliance. Organizations should create a dedicated data governance function under senior management to ensure oversight and accountability. This role should be filled by individuals focused solely on data governance and compliance to make sure all standards and policies are followed.”
He also suggested that each team should have someone specifically responsible for data governance. “Having these individuals in place allows organizations to monitor and ensure compliance across the board. The data governance framework will outline scenarios for managing data security and access, creating clear guidelines for protecting sensitive information.”
Elly underscored the role of data analysts: “They need to implement security controls to protect against breaches and other incidents, ensuring we can respond quickly and mitigate risks when necessary.”
Mr. Mabira Conrad William, a Cyber Security Researcher, and Private Consultant shared insights on cyber threats in the financial services industry during his presentation titled “Cyber Security in the Financial Services Industry – A Practical Perspective”
He began by addressing the alarming rise of phishing and social engineering attacks, explaining how these tactics continue to evolve and become more sophisticated.
Mabira also discussed the importance of modern two-factor authentication (2FA) defenses, highlighting emerging techniques that attackers are using to bypass these security measures. He introduced the concept of Evilginx, illustrating how this advanced method allows attackers to circumvent even the most robust security systems.
Through his presentation, Mabira emphasized the urgent need for financial institutions to stay ahead of cyber threats and continually adapt their security strategies.
The forum provided participants with valuable knowledge and strategies to enhance data governance and mitigate risks within their organizations.
In Uganda, the Personal Data Protection Office (PDPO) took enforcement action against the Uganda Securities Exchange (USE) and Soft Edge Uganda due to a security breach involving unauthorized access to personal data caused by an incorrectly configured firewall. This breach exposed personal data for 12 days and went unaddressed by both organizations, leading to violations of the Data Protection and Privacy Act 2019.
The Data Governance Forum is a significant step forward in Uganda’s commitment to data protection, demonstrating the growing realization of the need to protect personal information in an increasingly digital society. By encouraging collaboration and sharing best practices, such efforts enable enterprises to prioritize data security and comply with regulatory standards, benefiting both individuals and society as a whole.
