Cayman News Service published an article on October 18th, 2020 about a registrar that was told to stop collecting unlawful data.
Under the Data Protection Law, Cayman Island’s Ombudsman, Sandy Hermiston told the registrar to stop collecting personal data from people that hold minority shares or voting rights in companies, outside of the requirements of the law.
Key points:
- This came into action after an investigation of complaints made by individuals who hold just 1% of shares in a company. These individuals were required to give detailed personal information to the registrar although such data should only be collected from those with a 25% stake or more.
- Although there may be circumstances where personal information could be requested from individuals holding less than 25% of a company’s shares, it would have to be on a basis within the law, the ombudsman said. “The Registrar was using a blunt instrument to collect data on all company shareholders rather than the lancet the law requires,” she further stated.
- The ombudsman indicated that “all entities collecting personal data must respect that processing personal data must have a legal basis and that the person whose data is being processed is informed of the purpose for the processing”.
- Following the investigation, the registrar was advised to develop a suitable privacy notice to add to the Cayman Business Portal where companies are registered. They were also urged to develop a policy that sets reasonable criteria where additional data is sought.
Reference: caymannewsservice.com
Contributed by: Jason Jacobs from Guyana. Jason is a member of the CCST Discord group from the G5 Cyber Security Foundation Ltd. Learn more about CCST (Caribbean Cyber Support Team) by visiting caribbeancst.org. CCST is a collaborative group on the Discord platform for Caribbean people in IT, from beginners to experts.