Professional Documents
Culture Documents
04/06/2024 1
An Act
• A bill which has passed through the various legislative steps
required for it and which has become law.
• Currently, (as of 2023) there are ONLY four relevant laws
appropriate for the digital/information systems/information
technology space. These are:
• Data Protection Act 843 (Year 2012)
• Cyber Security Act 1038 (Year 2020)
• Electronic Transactions Act 772 (Year 2008)
• Electronic Communications Act, 775 (Year 2008)
DATA PROTECTION
ACT, 2012
ACT 843
04/06/2024 3
Table of Content
• Data Protection Act – What is it?
• Objectives
• Key Actors
FABRIKAM 4
DATA BREACH
Email errors–emails
Unauthorized data Spoofing, Phishing, BEC
sent to incorrect
access by a colleague attacks including
addresses, or the
staff without the hacking organization’s
disclosure of bulk email
proper credentials. databases
addresses.
7
IMPACT OF A DATA BREACH
• http://citifmonline.com/2017/06/20/over-150-firms-cited-for-breaching-data-protection-act/
• The issue?
FABRIKAM 13
Personal data
• Another reason the act was passed is to control the way information is
handled and to give legal rights to people who have information stored
about them.
FABRIKAM 17
Registration - https://dataprotection.org.gh/search-register
• “All who process personal information must register with the Commission unless otherwise directed. The Commission
registers Data Controllers and Processors online. As part of the measures to ensure openness and transparency aspects of
the registered data controllers and processors information will be made available on the Commission’s online public search
register”.
• WHAT IS REGISTRATION?
• Registration is the process by which data controller(s) and processor (s) inform the Commission on some the following:
• Who they are;
• the type(s) of personal data it holds;
• The nature of processing of personal information they engage in; How they ensure the protection of the personal information they collect or process; and
• Who their contact person is for data protection issues.
1.It must be collected and used fairly and inside the law.
2.It must only be held and used for the reasons given to the Commission.
3.It can only be used for those registered purposes and only be disclosed to those people
mentioned in the register entry.
4.The information held must be adequate, relevant and not excessive when compared
with the purpose stated in the register.
5.It must be accurate and be kept up to date.
6.It must not be kept longer than is necessary for the registered purpose.
7.The information must be kept safe and secure.
8.The files may not be transferred outside of the Ghana unless the country that the data
is being sent to has a suitable data protection law.
Principle 1 :Processing personal data fairly and lawfully
• This is the first data protection principle. In practice, it means that you
must:
• have legitimate grounds for collecting and using the personal data;
• not use the data in ways that have unjustified adverse effects on
the individuals concerned;
• be transparent about how you intend to use the data, and give
individuals appropriate privacy notices when collecting their
personal data;
• handle people’s personal data only in ways they would reasonably
expect; and
• make sure you do not do anything unlawful with the data.
Principle 1
• The Data Protection Act says that information should be treated as being obtained fairly if it is
provided by a person who is legally authorised, or required, to provide it.
Example 1
Personal data will be obtained fairly by the tax authorities if it is obtained from an
employer who is under a legal duty to provide details of an employee’s pay, whether or not
the employee consents to, or is aware of this.
• However, to assess whether or not personal data is processed fairly, you must consider more
generally how it affects the interests of the people concerned – as a group and individually.
Example 2
Where personal data is collected to assess tax liability or to impose a fine for breaking the
speed limit, the information is being used in a way that may cause detriment to the
individuals concerned, but the proper use of personal data for these purposes will not be
unfair.
Principle 1
• Is it possible to use or disclose personal data for a new purpose?
Example 4
A bookshop has had some customers for many years and has regularly sent them catalogues of new books. After a
while the company also started selling phones and other electronic gadgets. It is likely to be fair to start sending
catalogues advertising phones to long-established customers, who are unlikely to be surprised that the company
has diversified. However, customers are less likely to consider it reasonable if the company uses the interests they
have shown by their purchases to promote another company’s themed holidays (for example, holidays in Dubai or
Bali). Passing details of customers and their interests to other companies for marketing is likely to be unfair unless
they have agreed to this.
Example 5 - Local
The HR dept. has collected and kept job applicants’ data for many years. As part of a
strategy to reach out to as many clients as possible with a new contraceptive product, the
Marketing request the IT dept. to extract the applicants’ data for email advertisement.
Example 8
The husband of the HR boss at XYZ owns an Insurance company. She
decides to fetch employee data for her husband’s company to covertly
contact employees with their services.
Principle 3:The amount of personal data you may hold
• This is the third data protection principle. In practice, it means you
should ensure that:
• you hold personal data about an individual that is sufficient for the purpose you are holding
it for in relation to that individual; and
• you do not hold more information than you need for that purpose.
• So you should identify the minimum amount of personal data you need
to properly fulfil your purpose. You should hold that much information,
but no more. This is part of the practice known as “data minimisation”.
• What is meant by “adequate, relevant and not excessive”?
• The Data Protection Act does not define these words.
• When is an organisation holding too much personal data?
• You should not hold more personal data than you need. Nor should the data you hold include
irrelevant details.
Principle 3
Where sensitive personal data is concerned, it is particularly important to make
sure you collect or retain only the minimum amount of information you need.
Example 10
A recruitment agency places workers in a variety of jobs. It sends applicants a general questionnaire, which includes specific
questions about health conditions that are only relevant to particular manual occupations. It would be irrelevant and
excessive to obtain such information from an individual who was applying for an office job.
Example 11
An employer holds details of the blood groups of all its employees. Some of them do hazardous work and the information is
needed in case of accident. For the rest of the workforce, though, such information is likely to be irrelevant and excessive.
Example 13
Keeping a paper-based employee attendant sheet where staff scribble all kinds of handwriting…….
Principle 4: Keeping personal data accurate and up to date
• To comply with these provisions you should:
• take reasonable steps to ensure the accuracy of any personal data you obtain;
• ensure that the source of any personal data is clear;
• carefully consider any challenges to the accuracy of information; and
• consider whether it is necessary to update the information.
• Keeping Records of Mistakes
• Keeping a record of a mistake and its correction might also be in the
individual’s interests
Example 13
A mis-diagnosis of a medical condition continues to be held as part of a patient’s
medical records even after the diagnosis because it is relevant for the purpose of
explaining treatment given to the patient, or to additional health problems.
Principle 4
• What are “reasonable steps”?
• This will depend on the circumstances and, in particular, the nature of the personal data
and what it will be used for. The more important it is that the personal data is accurate,
the greater the effort you should put into ensuring its accuracy.
Example 16
An organisation recruiting a driver will want proof that the individuals they interview are entitled to drive the type of
vehicle involved. The fact that an applicant states in his work history that he worked as a Father Christmas in a
department store 20 years ago will not need to be checked for this particular job.
Example 17
A business that is closing down recommends a member of staff to another organisation. Assuming the two employers
know each other, it may be reasonable for the organisation to which the recommendation is made to accept assurances
about the individual’s work experience at face value. However, if a particular skill or qualification is needed for the new
job role, the organisation would need to make appropriate checks.
Principle 5:Retaining personal data
• This is the fifth data protection principle. In practice, it means that
you will need to:
• review the length of time you keep personal data;
• consider the purpose or purposes you hold the information for in
deciding whether (and for how long) to retain it;
• securely delete information that is no longer needed for this
purpose or these purposes; and
• update, archive or securely delete information if it goes out of
date.
Principle 5
• Assuming that you have a good reason for processing personal data, it is
obvious that discarding that data too soon would be likely to disadvantage
your business and, quite possibly, to inconvenience the people the
information is about as well. However, keeping personal data for too long
may cause the following problems:
• There is an increased risk that the information will go out of date, and that
outdated information will be used in error – to the detriment of all concerned.
• As time passes it becomes more difficult to ensure that information is
accurate.
• Even though you may no longer need the personal data, you must still make
sure it is held securely.
• You must also be willing and able to respond to subject access requests for
any personal data you hold. This may be more difficult if you are holding more
data than you need.
Example 18
HR at ABC retains job applicants' data for the purposes of contacting them in the future if the position becomes available.
Is it right to do this?
Principle 5
• What determines the length of a retention period?
• Personal data will need to be retained for longer in some cases than in others. How long you retain
different categories of personal data should be based on individual business needs. A judgement must
be made about:
• the current and future value of the information;
• the costs, risks and liabilities associated with retaining the information; and
• the ease or difficulty of making sure it remains accurate and up to date.
• The appropriate retention period is also likely to depend on the following.
• What the information is used for
Example 18
A bank holds personal data about its customers. This includes details of each customer’s address, date of birth and mother’s maiden
name. The bank uses this information as part of its security procedures. It is appropriate for the bank to retain this data for as long
as the customer has an account with the bank. Even after the account has been closed, the bank may need to continue holding some
of this information for legal or operational reasons.
Example 19
Images from a CCTV system installed to prevent fraud at an ATM machine may need to be retained for several weeks, since a
suspicious transaction may not come to light until the victim gets their bank statement. In contrast, images from a CCTV system in a
pub may only need to be retained for a short period because incidents will come to light very quickly. However, if a crime is reported
to the police, the images will need to be retained until the police have time to collect them.
Principle 5
• The surrounding circumstances
• If personal data has been recorded because of a relationship between you and the
individual, you should consider whether you need to keep the information once the
relationship ends.
Example 20
A customer who no longer does business with you. When the relationship ends, you must decide what personal data to retain and
what to delete.
• You may not need to delete all personal data when the relationship ends. You may need
to keep some information so that you can confirm that the relationship existed – and
that it has ended – as well as some of its details.
Example 21
In the previous example, you may need to keep some personal data about the customer so that you can deal with any complaints
they might make about the services you provided.
Example 22
An employer should review the personal data it holds about an individual when that individual leaves the organisation’s
employment. It will need to retain enough data to enable the organisation to deal with, say, providing references or information
about the individual’s pension arrangements. However, personal data that is unlikely to be needed again should be removed from
the organisation’s records – such as the individual’s emergency contact details, previous addresses, or death-in-service beneficiary
details.
Principle 6: The rights of individuals (the data subject)
• This is the sixth data protection principle, and the rights of individuals
that it refers to are:
• a right of access to a copy of the information comprised in their
personal data;
• a right to object to processing that is likely to cause or is causing
damage or distress;
• a right to prevent processing for direct marketing;
• a right to object to decisions being taken by automated means;
• a right in certain circumstances to have inaccurate personal data
rectified, blocked, erased or destroyed; and
• a right to claim compensation for damages caused by a breach of the
Principle 6: Subject access request
• What is an individual entitled to?
• Under the right of subject access, an individual is entitled only to their own personal data, and not
to information relating to other people (unless they are acting on behalf of that person)
• What is a valid subject access request?
• For a subject access request to be valid, it should be made in writing. You should also note the
following points when considering validity:
• Can I require individuals to use a specially designed form when making subject access requests?
• No. Many organisations produce subject access request forms, and you may invite individuals to
use such a form as long as you make it clear that this is not compulsory.
• I have received a request but need to amend the data before sending out the response. Should I send out
the “old” version?
• The Act specifies that a subject access request relates to the data held at the time the request was
received.
• Do I have to explain the contents of the information I send to the individual?
Example 23
You receive a subject access request from someone whose English comprehension skills are quite poor. You send a response and they ask you to translate the
information you sent them. The Act does not require you to do this since the information is in intelligible form, even if the person who receives it cannot
understand all of it. However, it would be good practice for you to help them understand the information you hold about them..
Example 25
In the example above, the child’s parents claim that one of the reasons the hospital’s records are inaccurate is that they include a doctor’s opinion which
is based on the inaccurate information provided by the health visitor. If it agrees, the court may order that the statement of opinion be rectified,
blocked, erased or destroyed. Alternatively, it may order that the statement of opinion be supplemented by a statement recording that it was based on
inaccurate information.
Principle 6: Compensation
• Distress to the Data Subject
• In many cases, a breach of the Act will not cause an individual financial loss,
but it may be distressing to find that personal data has been processed
improperly.
Example 25
An individual’s name is entered onto an employee fraud database without justification. The individual is understandably distressed to discover the
implication that he is a fraudster. However, the information about him is removed from the database before he applies for a new job, and so he suffers
no damage as a result of the error. The employee has no entitlement to compensation for distress alone.
Example 25
In the previous example, the fact that the individual’s name appears on the fraud database prevents him from obtaining a job he has applied for. He
suffers financial damage as a result. He is entitled to claim compensation for this damage and for the distress he has suffered as well.
Principle 7: Information security
• This is the seventh data protection principle. In practice, it means you must have appropriate security to
prevent the personal data you hold being accidentally or deliberately compromised. In particular, you
will need to:
• design and organise your security to fit the nature of the personal data you hold and the harm that may result
from a security breach;
• be clear about who in your organisation is responsible for ensuring information security;
• make sure you have the right physical and technical security, backed up by robust policies and procedures and
reliable, well-trained staff; and
• be ready to respond to any breach of security swiftly and effectively.
• Why should I worry about information security?
• Information security breaches may cause real harm and distress to the individuals they affect .
• fake credit card transactions;
• witnesses at risk of physical harm or intimidation;
• offenders at risk from vigilantes;
• exposure of the addresses of service personnel, police and prison officers, and women at risk of domestic violence;
• fake applications for tax credits; and
• mortgage fraud.
Example 25
An organisation verifies the identity of its employees when they are recruited by asking to see passports or driving licences before they start work. It also
obtains appropriate references to confirm their reliability. The organisation’s standard contract of employment sets out what staff can and cannot do
with the personal data they have access to.
The conditions for processing
• The conditions for processing are set out in Schedules 2 and 3 to the
Data Protection Act. Unless a relevant exemption applies, at least one
of the following conditions must be met whenever you process
personal data:
• The individual whom the personal data is about has consented to the
processing.
• The processing is necessary:
• in relation to a contract which the individual has entered into; or
• because the individual has asked for something to be done so they can enter
into a contract.
The conditions for processing
• What is the “legitimate interests” condition?
• The Data Protection Act recognises that you may have legitimate reasons for processing
personal data that the other conditions for processing do not specifically deal with
Example 25
A finance company is unable to locate a customer who has stopped making payments under a hire purchase agreement. The customer has moved
house without notifying the finance company of his new address. The finance company engages a debt collection agency to find the customer and
seek repayment of the debt. It discloses the customer’s personal data to the agency for this purpose. Although the customer has not consented to
this disclosure, it is made for the purposes of the finance company’s legitimate interests – ie to recover the debt.
Example 25
A taxpayer makes a subject access request to HMRC for personal data they hold about him in relation to an ongoing investigation into possible tax
evasion. If disclosing the information which HMRC have collected about the taxpayer would be likely to prejudice their investigation (because it would
make it difficult for them to collect evidence, for example), HMRC could refuse to grant subject access to the extent that doing so would be likely to
prejudice their investigation.
If, however, the taxpayer does not make the subject access request until some years later when the investigation (and any subsequent prosecution) has
been completed, it is unlikely that complying with the request would prejudice the crime and taxation purposes – in which case HMRC would need to
comply with it.
Example 25
The police ask an employer for the home address of one of its employees as they wish to find him urgently in connection with a criminal investigation.
The employee is absent from work at the time. The employer had collected the employee’s personal data for its HR purposes, and disclosing it for
another purpose would ordinarily breach the first and second data protection principles.
CYBER SECURITY ACT
ACT 1038
04/06/2024 47
DEFINITION
Cybersecurity can be defined as the protection of internet-
connected systems such as hardware, software and data
from cyberthreats.
• To promote the development of cybersecurity in the country and to provide for related
matters
• Cybersecurity and investigatory powers. Gives guidelines on how to get someone's cyber
information to aid in investigations. Handles the guide on the issuance of interception
warrant for traffic data. Gives guidelines for the interception of content data
• Critical information infrastructure. critical Computer systems need to the determined and
guidelines published to that effect. All critical systems shall be registered. All cyber
security providers must register with the authority.
WHAT SPECIFIC CRIMES DOES THE
ACT TACKLE?(Section 61)
• Internet hacking which is an attempt to exploit a computer
system or a private network inside a computer
• Cyber fraud
• Cyber bullying
• Cyber stalking
• Sexual extortion
• Nonconsensual sharing of intimate images
• Indecent image or photography of a child
• Sexual abuse and threat to distribute prohibited intimate
image or visual recording.
WHO ARE THE KEY ACTORS
MENTIONED IN THE ACT?(Section 5)
• A person who contravenes a section of this Act for which a penalty is not
provided commits an offence and is liable on summary conviction to a fine of
not less than two thousand, five hundred penalty units and not more than
twenty thousand penalty units or to a term of imprisonment of not less than
two years and not more than five years or to both.
ELECTRONIC
COMMUNICATION ACT,
ACT 775
04/06/2024 55
What necessitated the enactment of the Act
• IMPLICATIONS
• A service provider is obliged to provide rates that are fair and reasonable and shall not discriminate
among similarly situated persons, including the service provider and anybody corporate with which it
is affiliated except as otherwise provided in the law in accordance with section 25 (2) and (4) of the
Electronic Communications Act, 2008 (Act 775)20.
04/06/2024 57
Relevant portions in the act
In article 28, the Authority is to “prepare a Consumer
Code on its own or in conjunction with the Industry
Forum which shall include procedures for reasonably
meeting consumer requirements, the handling of
customer complaints and disputes and for the
compensation of customers in case of a breach of the
Consumer Code, and the protection of consumer
information.”
The Consumer Code may provide for the provision
of information to customers on services, rates and
performance, the provision of technical support to
customers and repair of faults, advertisement of
services, and customer charging, billing, collection
and credit practices.
04/06/2024 58
Key sections of the Act
• Application
• Broadcasting service
• Licenses and frequency Authorization
• Interconnection
04/06/2024 59
Service providers
04/06/2024 60
Key sections of the Act
• Consumer protection
• Industry Forum
Sections
• Broadcasting service
• Interconnection
• Consumer protection
• Spectrum management
• Enforcement powers of the Authority
• Offences
• Resolution of disputes
• Testing and inspection
04/06/2024 62
What specific crimes does the Act tackle?
OFFENCES
• (1) commits an offence and is liable on summary conviction to a fine of not more than two
thousand penalty units.
04/06/2024 63
What specific crimes does the Act tackle?
Spectrum Management
• (4) A service provider or network operator or a person holding a
frequency authorization that fails, within the period specified, to make
a return or furnish documentation to the Authority in accordance with
directions issued under subsection (1) commits an offence and is
liable on summary conviction to a fine of not more than two thousand
penalty units.
04/06/2024 64
What specific crimes does the Act tackle?
knowingly fails to comply with prescribed standards and requirements for the use of radio
spectrum,
provides electronic communications service without a license where a license is required for that
service,
intercepts or procures another person to intercept, without the authorization of the provider or user, or a
court order, or otherwise obtains or procures another person to obtain, unlawful access to communication
transmitted over electronic communications network,
04/06/2024 66
What specific crimes does the Act tackle?
Example
A person who sends false or fake news on the COVID-19
pandemic through electronic means such as social media
especially WhatsApp, to the extent that it endangers the safety
of any person or prejudices the efficiency of life saving services
such as the steps being taken by the Government to halt and
contain the virus, commits an offence and may be liable to a fine
or a jail term not exceeding 5 years.
04/06/2024 68
Who are the key actors mentioned in the Act?
Broadcasting services
Consumers
04/06/2024 69
Who are they key actors mentioned in the Act?
04/06/2024 70
Social and legal implications of the Act in Ghana?
• IMPLICATIONS
• A service provider should endeavour to provide commensurate tariffs for the services rendered to the
public in order that ordinary Ghanaians can afford them unless otherwise in a circumstance addressed
by the law in section 25 (2) and (4) of the Act for a price regulation regime and cost ceiling for the
services provided by telecom companies to their subscribers.
04/06/2024 71
Social and legal implications of the Act in Ghana?
• IMPLICATIONS
• The Consumer Code may provide for the provision of information to customers on services, rates
and performance, the provision of technical support to customers and repair of faults,
advertisement of services, and customer charging, billing, collection and credit practices.
• The NCA is obliged to even publish the ‘Consumer Code’ on its website. A detail of this
obligation is treated in Chapter three where the issue of consumer right, responsibilities and
advocacy were discussed.
04/06/2024 72
Social and legal implications of the Act in Ghana?
• IMPLICATIONS
• Rights and Responsibilities on Products and Services Considering the above subject and it
associated legal implications, it can simply be deduced that the useful universal emergency
numbers, for instance, as displayed on the SIM packs or Starter packs seek to comply with article
23 of the Electronic Communications Act, 2008 (Act 775).
04/06/2024 73
Social and legal implications of the Act in Ghana?
IMPLICATIONS
Responsibilities
• 4. Compare price, quality standard and features make informed decisions before making or
entering into a contract,
• 5. Provide proof of purchases or receipts and documents invariably obtained and kept safely.
04/06/2024 74
Social and legal implications of the Act in Ghana?
IMPLICATIONS
• Responsibilities
• 8. Inform Service Provider about changes in personal circumstances such as change in name or
address.
• 9. Keep receipts, cancelled contracts, bills and instruction. They will be useful in problem
solving.
• 10. Desist from sending messages that are obscene, threatening or otherwise contrary to
applicable laws or regulation.
04/06/2024 75
ELECTRONIC
TRANSACTIONS ACT, 2008
ACT 772
04/06/2024 76
INTRODUCTION
• The Electronic Transactions Act, 2008 Act 772 is the seven hundred and seventy-
• The aim of this legislation was to provide for the regulation of electronic
December, 2008.
• This Act applies to electronic transactions and electronic records of every type.
OBJECTIVE OF THE ACT
The object of this Act is to provide for and facilitate electronic communications and related transactions in the
public interest, and to
(b) promote legal certainty and confidence in electronic communications and transactions;
(c) promote e-government services and electronic communications and transactions with public and private bodies,
institutions and citizens;
(d) develop a safe, secure and effective environment for the consumer, business and the Government to conduct and
use electronic transactions;
Electronic Transactions
Consumer Protection
Certifying Agency
Appeal Tribunal
Industry Forums
Cyber Inspectors
Cyber Offences
ELECTRONIC TRANSACTIONS
• Sections 47 to 54 of the Electronic Transactions Act, 2008 Act 772 deals with consumer protection.
• Suppliers will have to provide all necessary information pertaining to their businesses to ensure that consumers are able to verify their
authenticity. Some of these information include full name and legal status;
membership of any self-regulatory or related bodies and the contact details of the body;
a code of conduct to which that supplier subscribes and how that code of conduct may be accessed electronically by the consumer;
the registration number, the names of office bearers and the place of registration of a legal person;
PROTECTED COMPUTERS AND CRITCAL
DATABASES
Information Technology Agency with power to monitor, investigate, prosecute any offence under this Act and any
other law enforcement agency acting under any provision of this Act;
• Section 98 sub section (1)and (2) of the Electronic Transactions Act states that “This provision is in addition to the
powers of arrest, search and seizure of a law enforcement agency provided by law.” (2) “A law enforcement agent
may seize any computer, electronic record, program, information, document, or thing in executing a warrant under
this Act if the law enforcement officer has reasonable grounds to believe that an offence under this Act has been or is
about to be committed.”
SPECIFIC CRIMES TACKLED BY THE ACT
• Sections 107 to 140 of the Electronics Transactions Act look at the specific crimes that is being tackled by
the Act. Some include;
• Stealing
• Conspiracy
• Forgery
• Aiding and Abetting
• Unauthorized Access to Protected Computers
• Possession of electronic counterfeit-making equipment
• General offence for fraudulent electronic fund transfer
• Child Pornography
• Unauthorized modification of computer programme or electronic record
• Unlawful access to stored communications
• Obtaining electronic payment medium falsely
• Unauthorized disclosure of access codes
KEY ACTORS
• The Government
• Consumers
• Suppliers
• The Parliament of the Republic of Ghana
IMPLICATIONS OF THE ACT
• To say that an electronic transaction complies with legal requirements is one thing. To have a
sufficient degree of trust in an electronic transaction such that one is willing to ship product,
transfer funds, or enter into a binding contractual commitment in real time is something else.
Clicking on an “I Agree” button, for example, can create a legally valid electronic signature,
but if it becomes necessary to enforce that transaction in court, how do you prove “who”
clicked? Trust, of course, plays a role in virtually all commercial transactions.
• Regardless of whether the deal is struck in cyberspace or in the more traditional paper-based
world, each of the transacting parties must have some level of trust before they will be willing
to proceed with the transaction.
LEGAL IMPLICATIONS OF THE ACT
• The existence of this act is imperative in the day-to-day governance and overall operations of transactions in the Ghanaian
digital space.
• The COVID-19 pandemic has seen a massive number of organizations move a large part of their operations on the web space.
• According to (Bank of Ghana, 2021), there has been a steady increase in mobile money transactions since the COVID-19
outbreak.
• This act has made it possible for the smooth sail of understanding and legal frameworks within the Ghanaian space. However, a
lot of work must be done to increase the confidence citizens and consumers have in the Act to ensure efficient and swift justice