Expert urges companies to train staff in data security
Shavaniese Arnold, manager of governance, risk and compliance at Privacy & Legal Management Consultants Ltd, is advising business operators that they need to ensure all departments and personnel in their organisations are properly trained in data security in order to ensure protection of personal information.
Arnold, who is also an attorney-at-law, was addressing a data security Webinar hosted by Montego Bay Chamber of Commerce and Industry on the Zoom platform. It was held under the theme, ‘Data protection: Security for you and your customers’.
“A lot of people think that just because they have a good information technology (IT) department, that they are covered under the Data Protection Act (DPA), but that is not so. Awareness is very important, and everybody needs to be trained in the organisation, from the chairman right down to the janitor,” said Arnold.
“People think that the data protection function rests in the IT department and in the legal department, but it is not so. The human resources department processes personal data, and they need to be part of the programme, and every single function in the organisation is going to play a role in your privacy power,” Arnold added.
The warning comes at a time when Jamaica is reeling under the current financial scandal surrounding a $3-billion fraud reported at Stocks and Securities Limited (SSL), which has affected over 30 clients including Usain Bolt.
There have also been multimillion-dollar fraud reports at National Commercial Bank, and Sagicor Bank, where a $65-million fraud is being probed.
Speaking further on the need for data security, Arnold said that the DPA, which was passed in 2020, is crucial for Jamaica to assure potential overseas business partners that their personal information will not be misused.
“What if Jamaica did not have a DPA? There are global standards that we would have to live up by because international people would not want to do business with us unless we can demonstrate to them that we have a particular set of systems and processes in place to protect data, and especially personal data,” Arnold explained.
“You want to prevent data loss, and what you need to understand is that the trust is going to go [in the event of data loss], so you want to ensure you get the relevant systems in place. Do you have a data retention policy? Does it need to be updated in line with the DPA? These are things that need to be considered,” Arnold stressed.
The DPA, which seeks to safeguard the privacy and personal information of Jamaicans, draws attention to the processing of data in a fair and lawful manner, obtaining data for specified purposes, and emphasises that the data are to be adequate, relevant, and not excessive in relation to the purpose for which it is to be processed.
There are 15 territories in the Caribbean, including Jamaica, Barbados, Bermuda, Panama, and The Cayman Islands, with comprehensive data-protection laws.