An intro to Jamaica’s DPA standards (P-3)

The Jamaica Gleaner posted an article on August 12, 2020, authored by Courtney Bailey, which educated the public about the standards in the Jamaica Data Protection Act. Below are some key highlights:

  • Earlier this year, two Jamaican financial institutions suffered data security breaches in which client information was leaked or stolen.
  • To comply with the seventh standard in such circumstances, the data controller must choose a data processor who provides sufficient guarantees in respect of the technical and organisational security measures governing the processing to be carried out and the reporting of security breaches to the data controller.
  • Alternatively, they could seek advice as to whether they could bring themselves within the exemptions provided under Section 31(4), which include the consent of the data subject to the transfer of the data. Courtney Bailey is an attorney in the Kingston office of law firm DunnCox.
  • Section 30(2) of the DPA stipulates that having regard to the state of technological development and the cost of implementation, the required technical and organisational measures should ensure a level of security appropriate to: the harm that might result from unauthorised or unlawful processing or accidental loss, destruction or damage to personal data; and the nature of the data to be protected.
  • Section 30(6) of the DPA provides that the technical and organisational measures to be taken by data controllers in order to comply with the seventh standard include: pseudonymisation and encryption of personal data; systems to safeguard the ongoing confidentiality, integrity, availability and resilience of processing systems and services; back up and restoration systems; a system for testing and evaluating the effectiveness of existing technical and organisational measures; and whatever measures are necessary to ensure adherence to the technical and organisational requirements specified in the DPA.

Reference(s):

Previous Post

Cyber Security & Privacy Webinar by the Bermuda Economic Development Corporation (BEDC)

Next Post

The ECLAC meets about Data Protection in the Caribbean

Related Posts