Train all staff in data security, expert urges businesses
Shavaniese Arnold, manager of governance, risk and compliance at Privacy & Legal Management Consultants Ltd, is advising business operators that they need to ensure all departments and personnel in their organisations are properly trained in data security, to ensure protection of personal information.
Arnold, who is also an attorney-at-law, made the call on Thursday while addressing a data security webinar hosted by the Montego Bay Chamber of Commerce and Industry, under the theme ‘Data Protection: Security for You and Your Customers’.
“A lot of people think that, just because they have a good information technology (IT) department, that they are covered under the Data Protection Act (DPA), but that is not so. Awareness is very important, and everybody needs to be trained in the organisation, from the chairman right down to the janitor,” said Arnold.
“People think that the data protection function rests in the IT department and in the legal department, but it is not so. The human resources department processes personal data, and they need to be part of the programme, and every single function in the organisation is going to play a role in your privacy power,” Arnold added.
Arnold said that the DPA, which was passed in 2020, is crucial for Jamaica to assure potential overseas business partners that their personal information will not be misused.
The act, which seeks to safeguard the privacy and personal information of Jamaicans, draws attention to the processing of data in a fair and lawful manner, obtaining data for specified purposes, and emphasises that the data is to be adequate, relevant, and not excessive in relation to the purpose for which it is to be processed.
“What if Jamaica did not have a DPA? There are global standards that we have to live by, because international people would not want to do business with us unless we can demonstrate to them that we have a particular set of systems and processes in place to protect data, and especially personal data,” Arnold explained.
“You want to prevent data loss, and what you need to understand is that the trust is going to go [in the event of data loss]. So you want to ensure you get the relevant systems in place. Do you have a data retention policy? Does it need to be updated in line with the DPA? These are things that need to be considered,” Arnold stressed.
There are 15 territories in the Caribbean region with comprehensive data protection laws, including Jamaica, Barbados, Bermuda, Panama, and the Cayman Islands.