Jamaica Gleaner / As lawmakers started deliberations on Tuesday on the Data Protection Act, 2017, one government technocrat has sought to advise members of a joint select committee examining the bill that the proposed statute would be far-reaching, impacting not only the public and private sectors, but also a raft of non-governmental organisations.
“The scope and scale of this piece of legislation is going to affect not only businesses and the public sector, but every club, church, every organisation that collects personal data. Their membership list will be impacted by this law,” Maurice Bailey, director of the Legal Reform Unit in the Ministry of Justice, told committee members.
“When we are contemplating even a question of a DPO (data protection officer), it has implications for those kinds of organisations also.”
DATA PROTECTION ACT 2017 Modelled on legislation from the United Kingdom, the Data Protection Act, 2017, is intended to secure the confidentiality of personal data, which may be in the possession of entities, including state bodies, and provide for the rights of individuals in relation to their personal data in the custody of those agencies.
The bill also seeks to establish the office of an information commissioner, charged with the responsibility of overseeing how personal data in the possession of the various entities is handled. Committee member Mark Golding questioned whether there was a requirement in the proposed law to ensure that the database with information on Jamaicans is stored on computer servers in the local jurisdiction and not overseas.
Wahkeen Murray, chief technical director in the Ministry of Science, Energy and Technology, told the committee that there was no specific requirement in the bill for data to be stored in Jamaica.
However, after Bailey reminded the committee that the Credit Reporting Act stipulated that data must be stored in Jamaica, Committee Chairman Andrew Wheatley suggested that a similar approach would be taken with the data protection law. [email protected]