A monkey tied to a tree still thinks it is free.

That is the modern internet user clicking “I Agree” a hundred times a day without reading anything. Giving away their location, contacts, voiceprints, and heartbeats in exchange for emojis and free Wi-Fi. The illusion of control in a world engineered for surveillance.

One afternoon, the Summit Consulting team was consulting for a large bank that wanted to roll out a facial recognition login system “for convenience.” During our break, the IT head proudly demonstrated it scanning faces faster than a matatu conductor spots a fare-dodger. Everyone applauded. Except for my team.

“Who owns this data?” my colleague asked. Silence. “Where is it stored? Who else has access to it? What happens if a disgruntled admin leaks this?” More silence. The kind that says, we did not think that far.

That is when we realized: we were building digital prisons and calling them fortresses.

Here is the real issue

a) Security has become the Trojan horse.

Governments, corporations, and even schools are justifying unprecedented surveillance “for your protection.” Yet, history whispers a warning, every authoritarian regime started by promising order in exchange for liberty.

b) Privacy is seen as paranoia

You are labeled difficult if you ask where your data goes. But as an executive, if you do not care about your organization’s data lineage, you are not managing risk; you are sleepwalking into regulatory chaos.

c) Convenience is the new currency

We give away rights in return for speed. Faster apps. Shorter queues. Personalized ads. But each trade strips another layer of our autonomy. The same tools built to “understand us better” are profiling us for manipulation.

A Ugandan proverb says: “When the roots of a tree begin to decay, it spreads death to the branches.”

The root here is this: we never defined a boundary.

We rushed to digitize before we governed. We let tech companies set the rules, and now we are catching up with Data Protection Acts like children sweeping after elephants.

In one of my assignments at a major telco, we discovered that over 3,000 third-party apps had API access to customer data unmonitored, undocumented, and ungoverned. “We trusted the developers,” they said. I said you do not build trust. You enforce it. That system was a time bomb. We defused it in 60 days. But most companies do not even know the timer is ticking.

So what should bold leaders do?

1. Adopt zero-trust like you breathe oxygen. Stop assuming your systems, staff, or partners are safe. Verify everything. Trust no one; not even yourself.
2. Turn your privacy policy into a governance engine. Make it a living document. Tie it to your internal audits, procurement processes, and third-party onboarding.
3. Educate your board and staff. Most breaches come from ignorance, not malice. Train people not just in cybersecurity, but in ethical tech use.
4. Push for citizen-first regulation. Don’t wait for NITA-U to force your hand. Design systems that protect the least tech-savvy user. If your grandma can not opt out easily, your system is broken.
5. Set the standard. Do not just comply; lead. Compliance is the floor. Leadership is the roof. Be the company that earns trust, not just accepts consent.

My final word

Security without privacy is surveillance.

Privacy without security is fiction.

We need both.

And as a leader, you must stop delegating this to IT. Data is not just a technical issue. It is a strategic, ethical, and existential one.

If you are not in the room where your data protection decisions are made, then you are the one being served; not the one being protected.

Wake up. Build fortresses, not cages.

Institute of Forensics & ICT Security