HOW DOES THE NEW DATA PROTECTION ACT AFFECT MY BUSINESS?
The revised and recently passed Data Protection Act, 2020 provides Jamaica with the regulatory authority to create and monitor data sharing and data storage standards (under the purview of the newly appointed Information Commissioner). This legislation will provide increased privacy protection for ALL Jamaicans and will improve our technological image to international investors.
The new legislation will also require identified companies to complete an annual Data Impact Assessment (DIA). Island Networks can serve as your Virtual Data Protection Officer (VDPO) and already has cybersecurity solutions that will provide your organization with a detailed history and assessment of your IT infrastructure. As details of the DIA requirements become clearer, Island Networks will be able to include this assessment as part of your managed IT service package.
WHAT TYPE OF DATA WILL BE CONSIDERED ‘SENSITIVE’ PERSONAL DATA?
As stated in the Act, the following data types are all classified as ‘sensitive’: genetic or biometric data, racial or ethnic origin or affiliation, political opinions, philosophical beliefs, religious beliefs, membership in any trade union, physical or mental health conditions, sex life, and any documented proceedings related to any alleged criminal offences by the data subject. Additionally, biometric data can include: finger/toe prints, photographs, retina scans, eye color, blood type, signature, and voice. As is evident, the health care community will be one of the KEY industry segments with plenty of work to do! All physician offices, labs, clinics, surgery centers, hospitals and health insurance providers will need to take steps to secure their operations and learn how to improve their data security. Any practitioner considering more telehealth applications needs to ensure that by adopting these technologies they are not exposing their patients to unnecessary threats.
WHAT HAPPENS IF MY ORGANIZATION DOES NOT COMPLY WITH THE NEW ACT?
The penalties for non-compliance will vary based on the type of data and the level of breach. A data controller that willfully releases sensitive data that is ‘likely to cause substantial damage or distress’ can serve up to 10 years of jail time if indicted. Other offences carry fines that range from 2M-10M and carry 2-5 years of jail time. The Government of Jamaica’s aim is to provide ongoing direction and support so that organizations are not caught off guard and are able to fully comply, regardless of size and budget.
HOW COMMON ARE DATA BREACHES?
Data breaches are unfortunately more common than most realize. Jamaican companies have historically NOT been required to report data breaches like their US counterparts.
Under this new act, companies will be required to report the breach to the Information Commissioner within 72 hours of becoming aware of the contravention or breach. Breaches not reported will carry a stiffer penalty for the offending organization.
HOW DO I KNOW IF I’VE BEEN BREACHED?
Unfortunately, breaches often go completely undetected. Sometimes companies only find out once the damage has been done and they are notified by the person(s) who were affected. Every company should have a proactive methodology to monitor network data traffic and use techniques like pattern recognition to flag any unusual activity. Hackers may explore network entry points for days or weeks before the real attack begins. Island Networks' Level 4 security operations center in Kingston gives companies the peace of mind of having continual ‘eyes’ on their network.
HOW DO I GET MORE INFO ON ISLANDNET CYBERSECURITY – VIRTUAL DATA PROTECTION OFFICER SERVICES?
Call IslandNet at 876-606-0000 or email sales@islandnetjm.com during business hours. We will be ready to help you understand the right path to take. The final details and rules regarding implementation of the Data Protection Act will be based on regulations that are yet to be released.