Data protection law could affect BPOs, Opposition MP cautionsWednesday, December 13, 2017
BY ALPHEA SAUNDERS
OPPOSITION Members of Parliament (MPs) raised concerns about some of the provisions of the Data Protection Act at yesterday's second meeting of the joint select committee of the House of Representatives which is examining the legislation, urging caution in the implementation of a compliance regime that could undermine the competitiveness of certain businesses.
St Andrew Southern MP Mark Golding stressed that legislators should be especially cognisant of the effects of the Bill on companies, such as those involved in business process outsourcing operations, which is an export service on which Jamaica is now heavily dependent for economic growth.
“It's an industry which Jamaica has been relying on as a major contributor to new jobs, and which is sensitive to international competitiveness. I am a bit concerned about the applicability of this regime to that activity in terms of the regulatory costs that would be imposed on these firms. This is a very important issue that we must be mindful of,” he said.
Golding further argued that, while he is not suggesting that standards be compromised, legislation must consider the economic context in which it will be applied.
“We sometimes, in trying to ensure compliance with the best of the best, ignore some of the realities that our economic players and citizens have to deal with, in terms of the size of their firms, their cost structure, their revenues, [etc],” he said.
The Opposition MP said he had concerns that some of the provisions of the law are being driven by the Economic Partnership Agreement (EPA) which Jamaica and other CARIFORUM countries signed with the European Union (EU) in 2008, but has not yet ratified.
The Bill seeks to secure the confidentiality of personal data held by government and other entities, and provides for the rights of individuals in relation to their data held by those entities.
An information commissioner office is to be set up to oversee the manner in which these data are handled.
Under the EPA, states are to establish appropriate legal and regulatory regimes in line with international standards to protect personal data.
Another major issue which committee members debated with officials of the Ministry of Science, Energy and Technology was the provision that allows data on Jamaicans and Jamaican transactions to be stored on servers outside of the country.
“To the extent that data is stored outside of our country, then the level of control that we have over it would be less than if it were here… For example, when the credit bureau was being contemplated, a real issue for the conceptualisers of that was that credit information about Jamaica should not be stored outside of Jamaica,” Golding noted.
Chief technical director for information and communication technology in the Ministry of Science, Energy and Technology Wahkeen Murray explained that there are no specific requirements for data to be stored locally; data controllers will have an obligation, under law, to protect the data that they process.
“If processing is even taking place outside of Jamaica it still has to be held to the standard here, because the legislation would be applicable to you irrespective of where you store [the data]. What is going to be required of data controllers is that, as they think about where they will be storing their data, you have to also consider whether that jurisdiction offers adequate levels of protection for the data,” Murray outlined.
Golding argued, however, that data which originates in Jamaica should only be stored here, “unless there is a good reason for it not being [stored] here”, a point with which committee chairman and portfolio minister Dr Andrew Wheatley agreed, noting that the Credit Reporting Act should be examined for reference.
MP for St Andrew South Eastern Julian Robinson pointed out that legislation could be used to mandate critical agencies such as the Registrar General's Department and the Electoral Office of Jamaica, and the soon-to-be-implemented national identification system, to meet the highest data protection standards necessary.
“[With] that level of personal data being stored in another country, if issues arise, like cyber security, it puts you at a different level of vulnerability than if the data was here,” he said.
Wheatley said the ministry has begun issuing invitations to a range of interest groups to make submissions to the joint select committee.