WITH little over a month left before the Data Protection Act (DPA) is set to take full effect, the Office of the Information Commissioner (OIC) said it has been increasing its readiness but cites skills gap concerns atop its immediate challenges.

“The office is still in the buildout phase but we’re getting there as we move towards the full December 1st implementation date. The challenge, however, is that there is a skills gap for several of the posts we have on record, of which steps are now being taken to address that,” Deputy Information Commissioner David Grey said at a Jamaica Observer Business Forum held last week.

“The interim structure that has been approved has 23 positions and we’ve been successful so far in closing little over a half of these,” he noted.

A look at the OIC website, under its career tab, shows positions for a strategic planning and monitoring manager, procurement manager, information systems analyst, chief financial officer, and public education officer among the vacant posts to be filled. The positions — which require minimum qualifications in interdisciplinary fields across law, business administration, public sector management, IT and economics — also call for minimum experience in the three-to-five-year range.

As the need for cybersecurity increases, so too does the demand for these experts locally and overseas. They believe the shortage of skills in the sector — which other stakeholders have also confirmed — calls for greater education and mobilisation in the area so as to attract and retain the best and the brightest in Jamaica.

Lieutenant Colonel Godphey Sterling, head of Jamaica’s Cyber Incident Response Team (JaCIRT) and who also spoke at the forum, said that some 50 positions were there to be filled “at different levels” in that office over the next year.

“Through current initiates being done as part of our National Cyber Awareness Month programmes in October, we are working to build the culture of security in organisations. In doing this we also want to encourage the next generation as we sustainably address the skills gap and bring more persons from the fringed groups into greater awareness,” he told journalists.

Both Grey and Sterling, in highlighting the skills challenges, however noted that significant efforts remain underway to have the positions filled in the shortest possible time.

The OIC, officially established in 2021 following the appointment of an information commissioner in the person of Celia Barclay, came as a provision of the DPA passed in Parliament a year earlier.

Empowered by the provisions of the Act the OIC aims to create a robust regulatory regime which fosters stakeholder buy-in while ensuring the quick and effective investigation of complaints and prosecution of contraventions concerning data breaches.

Leading up to the November 31st cut-off point and the end of the two-year transitory period before the Act takes full effect, Grey said his office, working alongside the challenges, continues to ramp up its public sensitisation campaign to educate all parties about what is to be the state of play post-December 1.

“We still have a fair amount of work that needs to be done but we are moving towards the date. We therefore urge all data controllers and subjects to be mindful of the various regulations and sanctions that will come under the DPA,” he said.

“We are now working with our partners as we also set up our privacy associations for the Caribbean. And there are others worldwide of which we are also seeking to become a part of as we work together to address this global phenomena of data privacy and protection,” the deputy information commissioner stated.