$100k fine for abusing info
(CNS): Companies, government and even charities could face a hefty fine if they misuse information once the proposed Data Protection Law is implemented. The need for such legislation in Cayman has grown recently with the arrival of CCTV cameras and the soon to be implemented Bill of Rights. Presently, there are no controls over how personal information is used and the new law will ensure that no individual or entity can misuse sensitive data, according Deputy Information Commissioner Jan Liebaers. While the country does not yet have protective legislation, fortunately there is little evidence of any major misuse to date, he said. However, in future those that do breech the law could pay as much as $100,000 in fines.
Once the law is enacted, it will be monitored and enforced by the Information Commissioner’s Office (ICO), which will be striking the balance between transparency and protection.
The Data Protection Law is not just limited to government, however, as it extends to the private sector and all organisations, including churches. The people who control data will need to manage that information properly and take responsibility for the informaiton they hold. While entities will still be able to store and retain information for legitimate purposes, the law will focus on protecting people from the abuse and illegitimate use of information.
Jan Liebaers told CNS that the ICO will be embarking on a widespread awareness and education campaign well before the law is passed and, once it is passed, the implementation would likely be staggered over at least 12 months to enable everyone to comply.
Although the law will impact a wide cross-section of the community, many organisations will find that they are already compliant. Liebaers explained that the implementation of the Bill of Rights in November enshrines the right to a private life, which means that there must be legislation to uphold that right and consequences if privacy of personal and sensitive information is breeched.
There are exemptions about the use of data by law enforcement officials and even for legitimate purposes by journalists as the emphasis is on the proper management of information held by controllers that is considered sensitive and using it appropriately.
While the ICO will have powers to investigate complaints and enforce the law, Liebaers said that the introduction of the law was not all about enforcement but about ensuring that information is held properly and the individual's right to privacy is protected.
With budgets tight in government, Liebaers admitted that in order for the ICO to manage both freedom of information and data protection properly, the office will need to be properly resourced to ensure one or the other does not suffer. He estimated that once the law is enforced it would require around three new staff members.
The law is currently going through a consultation process and Liebaers, who was part of the work group that drew up the parameters of law, encouraged everyone to read and consider the draft legislation and submit their comments to ensure that the final draft is fit for purpose.
The 69 page draft Data Protection Bill 2012 and the accompanying consultation papers are available at www.dataprotection.ky and in hard copy from the Government Administration Building at 133 Elgin Avenue. Members of the public are asked to provide comments by Friday, 2 November 2012 and can call 244 3607 for more information.
Category: FOI
Laws are probably needed.
However, without enforcement they are a waste of time and money.
Cayman does not have a good track record when it comes to law enforcement. Just look at pensions and medical coverage for employees.
The laws on the books, however, do make the jurisdiction look good on paper to external entities. They act like a fishing lure that attracts new capital and labour to the Islands; the laws look like a tastey morsel but, in reality, they hide a painful hook.
You raise a good point. I would say that one of the good aspects of such data protection laws is that citizens can be an effective part of the deterrence. For instance If you believe a company is holding or using your information inappropriately then you have the right to request details from the company about the info they hold on you…..and they have to comply within a reasonable period else the third party commissioner will be able to investigate.
It’s analogous to the way the FOI process works. Itwill be painful for a while, and there is a chance of abuse by individuals asking every company what information they hold, but in other jurisdictions it has worked to raise the quality of data protection awareness and has been positive overall.
Unfortunately in the interconnected digital world these sorts of laws are only going to be further needed….
Talk about a gross asymmetric way personal information is distributed to managers vs employees so managers can continue to terrorize thier employees….
That is life. Those who have nothing to hide have nothing to be concerned about.
Thats a brilliant way to side-step the issue of manipulating others personal information, but good or bad private personal information can be manipulated whether the person is trying to hide it or not. But that is life: Living with people who's egos try to extend into every private aspect of others..usually for lack of having a life of thier own.
Why would I trust a dodgy credit system that won't allow you to know how it calculates a score, and gives dodgy supervisors leverage outside of the parameters of the work place over the disenfranchised. Although those commercials/propoganda about getting a free credit are just so fun, I have to drink the kool-aid.
No evidence of major misue of personal data in the Cayman Islands? So we have forgotten about:
1. Government inapprorpriately disposing of electronic media and computers as reported by the Compliants Comissioner's report in 2009 – OMI Report Number 13: Appropriate Disposal of Electronic Data Storage Containers
and
2. The Cayman wikleaks scandel – http://en.wikipedia.org/wiki/Rudolf_Elmer
As there is no current requirement to report data incidents you just don't see them publicly disclosed. Wait until the Data Protection Law requires notification to citizens/customers about the loss of their data. Oh boy…then we'll know wha' really happning. A good law that will make a lot of companies and Govt raise their game….to the better of us all…and the country.
Prediction–only politicians will be using this to protect their "secrets.
Sorry, I just cannot buy the argument that the ICO would need three new staff members (with generous civil service benefits). We simply MUST get away from this notion that these "nice to have" positions are "must have". The country cannot afford it! How often does it need to be said? If (and it is a very big "if") significant extra work is generated by the implementation of the DPL, then efforts should be made to add it to the work load of existing staff, even if allowances have to be paid.
That includes taking out credit reports on people without thier knowledge and then using the results to denigrate thier work opportunities. I'll be the first in line in hiring a layer when this becomes law. I hope this law is retroactive since the damage has already been done.
Sounds perfectly prudent due dilligence by a potential employer.
I'm afraid this is common practice by many employers these days, as is checking people's face book pages.
Credit checks and Internet due diligence via social media are a necessary means of avoiding quality dilution through the forced hire of the merely suitably qualified over the best candidate.
They are sufficient, not by any means necessary, and ""quality diluation" = managerial double speak to rationalize the invasion of ones personal information. Knowledge is Power, and it only takes a little to corrupt a system.
How about choosing somebody based upon their current works instead of some vauge way of collecting information that will probably turn up differnent results on different days depending how well you google or on which of the three credit reporting services you choose to use that day. You could just as well through darts at board collaged with potential employees.
They won't see my Facebook page. I blocked everyone in my company and made sure my settings are just for friends. My personal life is no ones business but mine.
I would not want my bank to hire someone with a dodgy credit history. Nor would the bank's insurers.