The Malawi Communications Regulatory Authority (MACRA), which serves as the country’s Data Protection Authority (DPA), has begun engaging postal and courier service providers to strengthen compliance with the country’s Data Protection Act ahead of enforcement measures in the sector.
During a sensitisation meeting held in Blantyre, the Authority trained operators on key data protection principles and their obligations in handling customer information, amid growing concerns over privacy breaches and weak data security practices within the industry.
DPA head Dan Chiwoni said postal and courier companies manage large volumes of personal information and therefore require proper knowledge and systems to safeguard customer data.
“Postal and courier operators play a vital role in handling customer information, and there is need for them to understand how best to protect that data in line with the law,” said Chiwoni.
According to the authority, common concerns identified in the sector include public discussion of customers’ personal information, inadequate staff training on data protection obligations, and unauthorised access to customer databases.
The engagement forms part of the DPA’s broader efforts to prepare institutions and businesses for stricter enforcement of the Data Protection Act, which seeks to regulate the collection, storage and sharing of personal data in Malawi.
Experts say the postal and courier industry has become increasingly dependent on digital systems that collect sensitive customer information such as phone numbers, physical addresses and payment details, making the sector vulnerable to data misuse and cyber-related risks if safeguards are not properly enforced.
The DPA warned operators that failure to comply with the law could expose institutions to penalties and loss of public trust, especially at a time when digital transactions and online deliveries are expanding across the country.
Courier operators who attended the meeting welcomed the engagement, saying it had helped clarify their responsibilities under the law and the standards expected in protecting customer privacy.
The Authority has announced plans to hold a sensitisation meeting in Lilongwe targeting postal and courier service providers from the central and northern regions as part of a nationwide compliance campaign.
Share
