Flow, Digicel talk compliance with new data protection law
Communication companies Digicel and Flow are amongst the first set of private companies to come out with messages on data privacy, amid the implementation of the Data Protection Act (DPA) on December 1.
Over recent weeks the telecommunications giants have published information detailing how data are collected, used, and stored; but both have also sought to assure consumers that safeguarding personal information remains their top priority.
In an e-mail advisory, Flow said that, while it respects the rights of customers to know, access, transfer or restrict the processing of their data, it also believes that a company’s ability to use and share consumer data can potentially provide a superior customer experience through greater access to information or services relevant to them.
The telecommunications companies were chastised in prior years for numerous spam calls and texts for promotional items, triggering calls for greater protection of data collected.
But, in an updated message, the telecoms companies say they will only gather information that is crucial for the provision of their services, while noting that the personal information of its customers is not sold to anyone, nor does it share your personal information with other companies, the Government or any third party except in specific situations.
Both Flow and Digicel say they will only share personal information when given written permission to do so, where it is necessary for the completion of transactions, for research purposes only by a consumer reporting agency, to comply with a governmental agency or court orders or disclosure is required by law to prevent a crime (including fraud), and where disclosures are necessary to protect or defend the company’s rights or property or those of its users/subscribers.
“Your personal information is kept strictly confidential. We may use your IP address to help diagnose problems with Flow’s service, and to administer its website. Your IP address may also be used to gather broad demographic information.
“This data may be aggregated to gauge local interest or tailor Flow’s service or promotional offerings. Flow uses ‘cookies’ to deliver content specific to your interests. Flow does not save your password or user credentials, you must re-enter them each time you visit Flow’s site,” Flow said in its advisory.
Flow said it uses “robust” measures to safeguard personal data, including, but not limited to staff training and awareness, internal privacy and data protection policies and procedures to address, among other things, personal data management practices, retention periods and vendor governance; alongside physical and technological security measures.Meanwhile, group head of privacy and data protection at Digicel, Kelly-Rae Campbell says Digicel has renewed its commitment to privacy and exercising responsible and secure data protection practices.
“Our products and services empower, transform, and improve the digital lives of our consumers, and we recognise privacy not just as a policy or compliance requirement, but also as a tool for enhanced transparency, empowerment, and autonomy,” she said.
The updated policies around data protection come amid a six-month extension for the registration of data controllers with the Office of the Information Commissioner (OIC) on requests from several entities that they need some more time to be compliant with the Data Protection Act.
The new law, which applies to both public and private sector organisations collecting personal information during the normal course of business, was passed in 2020 but took operational effect on December 1.
Several private firms as well as government agencies and ministries continue to prepare themselves for the changes, including the Passport, Immigration and Citizenship Agency (PICA), Urban Development Corporation of Jamaica (UDC), and the Ministry of Science, Energy and Telecommunications and Transport (MSETT).