Regional data protection experts are recommending the need for umbrella legislation to govern the evolution of data protection laws across the Caribbean.

This following a Cloud Carib’s virtual webinar held recently in which participants raised concerns about the need for more unanimity in how data protection was being governed by individual countries. The virtual forum, which was attended by more than 130 attendees from Barbados, Jamaica, Trinidad and Tobago, Guyana, and the United States, explored and spoke at length about the evolution of data protection laws being developed across the region.

Acknowledging the current rate of progress regarding these legislations, Eamonn Sheehy, Cloud Carib director for the public sector, and Rishi Maharaj, data protection advisor, both insisted that a greater push was needed for the establishment of a Caricom-sanctioned umbrella legislation.

“I truly think we have the opportunity to create real legislative synergy by establishing a standard operating procedure to govern all organisations operating within the region much like the General Data Protection Regulations (GDPR) which covers the UK and European Union,” Maharaj noted.

Prior to 2010, the data protection expert indicated that only four Caribbean and Latin American territories had implemented comprehensive data protection laws, of which The Bahamas and Trinidad &Tobago led the way. Over the last 10 years, he, however, said that more countries have been taking steps to advance progress in the area including Jamaica and Barbados among some 13 other territories which have all been engaging the EU’s GDPR as a model. The GDPR regarded as one of the toughest privacy and security law in the world imposes obligations on organisations anywhere which target or collect data related to people in the EU. The regulation, which took effect in May 2018, levies harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.

The experts said that Latin America’s focus on data protection comes partially as a response to international reports of sophisticated cyberattacks which in recent times have also plagued Caribbean-based companies. Over the last two months reported incidences of data breaches at regional companies such as The Massy Group and Aeropost have led to the leakage of sensitive customer data, which, according to Maharaj, highlights the need for a more serious approach to be taken across the Caribbean with regards to the enactment of data protection strategies.

“The onset of the global pandemic has really changed the way businesses relate to each other and to their customers. The increase in remote work has heightened the risk of data being targeted both in transit and at rest — so more must be done to protect data at various points,” he said.

Sheehy while also pointing to the implications that breaches could have for digital transformation efforts in the Caribbean added that, “Many of the services which we access now for remote work whether it be virtual classrooms, virtual meetings or just other cloud services in general are likely all based outside of Caribbean territories, and so it raises the question about how these contracts and agreements may need to be reviewed or renewed for regional organisations to be compliant with the laws that govern their specific jurisdictions.”

“There’s definitely a bit of catch-up that needs to happen,” he stated.

Marketing director of Cloud Carib Olivia Dorsett agreed, indicating that as the Caribbean continues to develop in technological maturity, data protection will continue to remain at the forefront of the conversation.

“It is our hope that educational events like this will help the security posture of island nations,” she said while commending the webinar which was specially hosted to explore issues around data protection.