We are now living in the digital age which is grossly powered by information. Through technological advancements it is becoming easier for us to share information about ourselves to conduct everyday tasks and to interact with others. Evidently, the sharing of personal data provides many benefits for us; however, it is not devoid of numerous risks.
A quick Google search will display the various data breaches that have occurred over the years as criminals see cybercrime as a lucrative business. In response, organisations and institutions need to implement measures to responsibly secure as well as lawfully process personal data. In light of these existing and growing concerns, Jamaica is currently drafting data protection legislation to protect the personal data of the Jamaican people. This piece of legislation is quite extensive, with the first copy of the Bill totalling 114 pages. It covers a multiplicity of topics, such as data protection standards, the information commissioner, individual’s rights, fines and penalties. After a quick scan of the Bill, it can be agreed that reading the document in its entirety can be seen as daunting, as there is quite a bit to digest along with understanding the legal vernacular.
Essentially, the legislation aims to protect the personal data of individuals and to provide them with certain rights in an effort to offer them greater control over their personal data. These rights are stated below:
1) Right of access to personal data: Under the Data Protection Act individuals will have the right to request access to personal data about them held by an organisation (data controller). This is commonly called a ‘subject access request’. This request must be submitted in writing to the organisation for it to be a valid request. An individual can request confirmation as to whether or not personal data is being processed by the organisation; description of the personal data being processed, the purposes for processing and who the personal data are being or to be shared with; and obtain a copy of their personal data and details of the source of the data.
It should be noted that the Bill states there will be a prescribed fee for requesting copies of the personal data held about you. Additionally, the organisation has a total of 30 days to comply with the subject access request. If an individual is dissatisfied with the way the organisation has dealt with their request, or if they have been unsuccessful in receiving a response after 30 days, then the issue can be reported to the information commissioner.
There might be instances where the personal information requested cannot be released, for example where the release of the information would reveal the personal data of another person and there is no way of preventing such a contravention.
Leave A Comment