The identity of data protection officers, who are to act as the vanguards of data security within an organisation, should be clearly promulgated, according to Information Commissioner Celia Barclay.

The commissioner, speaking at a recent Private Sector Organsiation of Jamaica (PSOJ) forum, said that ahead of the full roll-out of the Data Protection Act in 2023, businesses and private sector bodies alike are being encouraged to become sensitised around all areas of the law as they move to become compliant in ensuring the protection of privacy rights of individuals, or data subjects as they are referred to under the Act.

“Data protection officers are to be made publicly known. We encourage data controllers to make this information public so that there is easy access for the persons who may need it,” she stated.

Data controllers, which includes persons or businesses that will determine the purpose and means of personal data processing, Barclay said, will, however, have the primary responsibility under the Act to ensure compliance and the protection of data privacy rights.

She said her office, which has been given significant powers under the new law, will, outside of registering and monitoring data controllers, also pursue some amount of enforcement activities against them, especially in instances where they are found operating in contravention of data protection laws.

She explained that with it being near impossible to process every single case that may stem from numerous instances of breach, her office in working with the data controllers will likewise solicit full buy-in from them, as both parties partner to resolve issues.

“The Act also allow the commissioner in certain circumstances to appoint a mediator to help to address some situations, so that will also help to minimise the workload in terms of matters that may need to be prosecuted through the court. We therefore hope that by utilisng that system we will also be able to do much more in terms of our reach,” Barclay said.

The commissioner further said that with government bodies not being exempted from the law which governs data privacy, the Act is non-discriminatory and allows for small or large; government or private sector entities to be fairly dealt with under the provisions.

Pleased with the rate of take-up within the public sector, Barclay said there is now a growing contingent of government organisations that have been reaching out to her office as they also push for compliance and to identify suitable data protection officers.

“Already we have organisations within government that are looking at themselves and their structure even as they try to determine appropriate officers. They have also been taking steps to become more aware of their legal obligations as well as the technical assistance they may need in making themselves compliant,” she stated.