Government works on challenge of data protection

(CNS): According to information released by officials on Monday, for the last two months a government working group has been examining and developing the framework for a data protection law. The aim, government said, is to develop legislation to regulate how personal information is collected and processed by all businesses and organisations. However, the jurisdiction’s controversial Confidential Relationships (Preservation) Law, will need to be amended or repealed before the data protection legislation can be enforced.

A release from GIS stated that the new law once it is enacted would ensure that individuals are able to access information about themselves that is held by government entities and private sector groups and require that data held by any organisations is accurate.

The Chairman David Archbold, from the Information and Communications Technology Authority (ICTA), said the group is presently reviewing laws from other jurisdictions that it feels may be relevant to the local situation and is developing a policy recommendations.

 “The law will impose requirements on ‘data controllers’ to handle personal information fairly and lawfully,” said Archbold. “Personal data may only be collected, used, stored and accessed for specified purposes, and must always be adequately safeguarded. Data controllers will be accountable for complying with these principles and liable for breaches, such as unauthorised use or disclosure.”

In early 2010 the group will submit recommendations to the Cabinet Secretary and Attorney General on how the legislation can be introduced and how best to monitor and enforce compliance. It will also prepare a paper on key issues for public consultation.

Government said that a critical consideration is the need for the proposed law to be able to work alongside existing laws with privacy and access provisions, in a manner that supplements those existing protections.

The current Confidential Relationships (Preservation) Law criminalizes the unauthorized disclosure of confidential information and it has caused controversy in recent times as it is considered to be a secrecy law and one which has been at the heart of what are seen as the secrecy issues surrounding the islands’ financial services industry.

Although the CRPL legislates gateways through which information may be obtained by law enforcement and government’s who have signed treaties with the CIG, anyone else is prohibited from asking for information from any private entity in Cayman.

According to some local experts the Cayman Islands government will have to, at the very least change if not entirely repeal the CPRL before introducing any kind of data protection law.

 With the introduction of the FOI Law in January 2009 which allows individuals to access their own personal data held by public authorities (but not private entities) the law also requires government departments and agencies to maintain accurate and up to date information. The intention now is to bring those provisions under the Data Protection Law and have them extend beyond government to any entity holding personal information.

Members of the working group include representatives from the Attorney General’s Chambers; the Freedom of Information (FOI) Unit, which facilitates the implementation of the FOI Law within Government; the Cayman Islands Monetary Authority (CIMA) and the Information Commissioner’s Office — the independent appeals agency responsible for oversight and enforcement of the FOI Law.

Others are drawn from civil society and professional organisations such as the Chamber of Commerce, Law Society, Banker’s Association and Caymanian Bar Association.