THE Senate yesterday passed the long-delayed Data Protection Bill; however, there is a substantive issue regarding what should be the alternative to fines imposed by the courts.

Clause 30 of the Bill states that parish courts can sentence violators to a fine not exceeding $2 million for individuals who wilfully and without lawful authority use any means to breach any pseudonymisation or encryption applied to personal data. However, the Bill does not say what happens if the fine is not paid.

The Bill also includes a maximum fine of $1 million in parish courts for individuals who fail to comply with enforcement, assessment, or information notices, but there is no penalty for failing to pay the fine.

“You want compliance, and if the person is found guilty, you would want it to be paid. And if the person ignores it, then what?… I just want some clarity as to how you would treat with it,” Opposition Member Senator Wensworth Skeffery insisted.

Leader of Government Business Senator Kamina Johnson Smith, who was piloting the Bill through the Senate, responded by saying that the joint select committee that reviewed the Bill had taken into consideration the United Kingdom’s Data Protection Act of 2018, and noted that the particular offences did not attract custodial sentences.

“The discussion was that [of] there being a general movement away from custodial sentences for certain offences. It was felt that this was primarily administrative in its operation and, accordingly, that it would not attract a custodial sentence,” she explained.

However, Senator Johnson Smith agreed that if Opposition senators felt strongly enough about the issue she would refer it to Minister of Science, Energy and Technology Fayval Williams, who chaired the joint select committee in its final year, to consider including custodial sentences for failing to pay the fines when it gets back to the House of Representatives next week.

The Government is seeking to enact legislation to secure the confidentiality of personal data which may be in the possession of entities, including government authorities, and to protect the rights of individuals in relation to their personal data in the possession of those entities.

Responsibility for the implementation and administration of this legislation falls under the portfolio of the minister responsible for information and communication technology.