Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
By George Lynch
Companies doing business in Jamaica for the first time would face broad privacy rules under a government bill introduced in Parliament.
A new privacy office would be able to levy fines of up to 2 million Jamaican dollars ($15,597) or up to 10 percent of a company’s gross income. The proposed law would also allow the privacy office to seek prison terms of up to seven years for individuals that violated the law. Individuals would be able to ask the privacy office to recover damages from companies that violated the law.
The country has sector-specific laws for financial services and electronic transactions that have some general rules on data use and storage, but the bill would give Jamaica its first comprehensive privacy statute.
“Jamaica is becoming a very attractive location for business processing services,” but having a comprehensive privacy law would hopefully make it a more attractive place to locate data centers and might lure more data processing work for higher-end businesses, Grace Lindo, a commercial, intellectual property, and technology partner at Nunes, Scholefield, DeLeon & Co. in Kingston, Jamaica, told Bloomberg BNA.
However, the bill, which was introduced in the House Oct. 10, may increase compliance costs and burdens on companies operating in Jamaica. The proposed law includes several new compliance obligations for companies, including obtaining consumer consent and notifying the privacy office of data breaches.
Data security and data collection restrictions on the bill would create costly compliance obligations that may come as a surprise to companies, Danielle Stiebel Johnson, a technology and electronic transactions attorneys at Myers, Fletcher, & Gordon LLP in Kingston, told Bloomberg BNA.
Large Jamaican companies that would face new obligations under the proposed law include include financial holding company NCB Financial Group Ltd. , food and finance conglomerate GraceKennedy Ltd, and insurance provider Sagicor Group Jamaica Ltd, according to Bloomberg data.
The bill says that data processing may be performed using consumer consent, but the consent provision contains wide exceptions, according to Lindo. “I find these exceptions to be very pro-business,” Lindo said. For example, a company need not obtain consent if it can show that it cannot be reasonably expected to obtain it and it has exhausted all possible avenues to obtain it, she said.
The legislation would require companies to notify the privacy office of breaches of personal data “without undue delay.” he bill would also require companies to notify individuals of a data breach if it is “likely to affect” them.
The legislation would require companies to protect the privacy and security of “personal data,” which is defined as data capable of identifying a living person, either on its own or when combined with other information likely to be possessed.
The proposed law would require companies to take extra care to protect “sensitive personal data,” including genetic, biometric, racial, ethnic, political opinion, health, and sex life information.
The bill includes provisions found in similar recently-enacted privacy laws with accountability principles, such as appointing a data protection officer and requiring privacy impact assessments, Miriam Wugmeister, co-chair of the global privacy and data security group at Morrison & Foerster LLP in New York, told Bloomberg BNA. But it also has a provision to require companies that control the collection and use of personal data to register with the data protection authority. Such a provision more often shows up in privacy laws without accountability provisions, she said.
The proposed law would require data controllers to:
The Jamaican legislation is based on European Union tenets of data protection, Lindo said.
The bill would require companies to make “appropriate” technical and organizational data protection and security measures consistent with best practices and take into account cost considerations. Additionally, the bill would require companies to ensure that data is:
With assistance from Lucien Chauvin in Lima
To contact the reporter on this story: George Lynch in Washington at gLynch@bna.com
To contact the editor responsible for this story: Donald Aplin at firstname.lastname@example.org
The bill, as introduced, is available at http://src.bna.com/tjO.
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)