Lawmakers slash proposed two-year sentence for data processors in breach
Lawmakers have backed away from the long prison sentence that was recommended in the long-anticipated data protection law for persons who fail to register as data processors.
Section 18 (3) (c) of the proposed data protection bill made failing to register as a data processor an offence punishable by a fine and a prison sentence not exceeding five years for persons convicted in the circuit court.
For persons convicted in the parish court, the punishment was a maximum prison sentence of two years and a $2 million fine.
Yesterday, lawmakers on the joint select committee of Parliament examining the bill agreed to scrap Section 18 (3) (C), thereby eliminating the five-year sentence. They also agreed, during a meeting at Gordon House, to cut the maximum sentence parish courts can impose to six months but left the $2 million fine in place.
Among those in attendance was Dr Andrew Wheatley, who chaired the committee until he resigned as energy minister last August amid corruption allegations at several entities under his portfolio.
Before his contribution to the discussion, Wheatley apologised for his prolonged absence from the committee.
“I was reliably misinformed that I was no longer a member of the committee,” he told his colleagues. “I checked with the clerk [to the Houses of Parliament], and she confirmed that I was still a member of the committee. I apologise for my prolonged absence.”
Wheatley disclosed that the thinking at the time the proposed legislation was crafted was that the fines would help to ensure that “we have a certain level of compliance and afford a certain level of protection to the citizens whose privacy would be affected”.
“The fines … I urge members to not look at it as a mere cost to the data controller, but more to ensure that they adhere to the regulations, that they adhere to what the act stipulates,” he argued.
“Oftentimes, we create laws, and within three to five years, the penalties appear to be nothing but a token and persons would just gladly break the law because the fines are not substantial to act as a deterrent”.
For opposition member of the committee Mark Golding, it amounts to “overkill” to have data processors who fail to register placed before the circuit court.
Seeking to explain his position, Golding noted that the offence “doesn’t involve any implication of a breach of standard or any misuse of the data in any way.
“It is really a failure to comply with an administrative requirement. I don’t see, in that instance, why they should be prosecuted in the circuit court for this offence. I don’t understand that,” Golding posited.
He argued, too, that the two-year prison sentence proposed for the parish court was excessive and lends itself to the potential for abuse.
“Let us say a church – a small church in August Town or Trench Town that has a computer on which it has a database of its members and information about them ... – hasn’t applied for an exemption and isn’t even aware that there is a facility for an exemption,” Golding suggested. “Next thing, some constable, who has some other reason to be annoyed with somebody senior in the church, decides to charge them under Section 18 of this act, and they can go to prison for two years.”