News
JAM | Oct 12, 2022

Barclay warns financial institutions Data Protection Act will hold them responsible

Tamoy Ashman

Tamoy Ashman / Our Today

Reading Time: 2 minutes
Information Commissioner Celia Barclay.

Information Commissioner Celia Barclay is warning financial institutions to put measures in place to protect customers’ data, noting that, under the new Data Protection Act, they will have sole responsibility for any breaches.

Barclay was speaking at the annual the Anti Money Laundering/Counter Financing of Terrorism Conference yesterday (October 11) where she presented on the Data Protection Act to the heads of financial institutions in Jamaica.

“If you have not started to put in place systems that will allow you not just to protect and secure information but to uphold and enforce [customers’] rights, you are already on the wrong side of the Act,” she warned the institutions.

She explained that, under the new law, financial institutions will be held responsible for the data of their current customers and those who died 30 years ago.

The new Act also places sole responsibility on these institutions and not their data processing officers, said Barclay.

“At the end of the day, if there is a breach, you cannot blame your data processor. What the Act says is that you, as the controller or institution, and in some cases the individual, are liable,” said Barclay.

She added that data processors “are only there as a form of guidance and they do not assume the responsibility of the institutions they operate”.

However, there is some level of responsibility placed on data processing officers.

“Your data processor has a duty to the regulator authority,” said Barclay.

“Where you fail, they have a responsibility to inform the authorities” and actions will be taken against the institution.

She noted that, under the Act, data processing officers are mandatory and financial institutions cannot refuse to appoint one in fear that they will be reported and held responsible for breaches.

Barclay also noted that, though security measures are good, they are not perfect and financial institutions need to assess how they will deal with breaches when they arise, as they cannot just sweep it under the rug.

“The legislation is called the Data Protection Act for a reason. We did not pass the data security act… so it is not just about how well you secure the information that you have,” said Barclay.

“Data protection is where security meets privacy and then proceeds to intermeddle with governance.”

The aim of the Act is to give back customers’ ownership of their information, said Barclay, allowing them to request information when they want, dictate what information can be shared or used by these institutions and take action if their information and privacy is not protected.

Tags
Celia Barclay data breaches Data Protection Act data security financial institutions Information Commissioner Celia Barclay Jamaica Money laundering

Comments

What To Read Next

News JAM Apr 1, 2026

Young Jamaica calls for resignation of MP Dennis Gordon over UHWI tax exemption scandal

Reading Time: 2 minutesYoung Jamaica, the youth arm of the governing Jamaica Labour Party (JLP), has called for the resignation of East Central St Andrew Member of Parliament Dennis Gordon following revelations made during a recent session of Parliament’s Public Accounts Committee (PAC).

“Young Jamaica, take note of confirmation during yesterday’s Parliament’s Public Accounts Committee (PAC) that JACDEN Limited is among the multi-million dollar beneficiaries of what a recent report from the Auditor General revealed to be the unlawful and inappropriate use of the tax exemption status of the University Hospital of the West Indies (UHWI),” the youth arm said in a statement.
News JAM Apr 1, 2026

PAHO and MOHW conclude after-action review workshop to boost hurricane preparedness

Reading Time: 3 minutesThe Ministry of Health and Wellness (MOHW), in collaboration with the Pan American Health Organisation/World Health Organisation (PAHO/WHO), recently concluded a two-day After-Action Review (AAR) workshop held from March 24–25. The workshop aimed to strengthen Jamaica’s preparedness and response systems following the impact of Hurricane Melissa.

After-Action Reviews are a standard tool in emergency management, used to assess response efforts, capture lessons learned, and improve coordination, planning, and operational systems for future events. Importantly, aligning the AAR process with the International Health Regulations (IHR) ensures that the evaluation of public health emergencies meets globally recognised standards, strengthening Jamaica’s ability to detect, assess, report, and respond to health threats in a timely and effective manner.
News USA Apr 1, 2026

USCIS strengthens screening and vetting of immigration applicants

Reading Time: 2 minutesThe US Citizenship and Immigration Services (USCIS) has announced a series of strengthened screening and vetting measures aimed at enhancing national security and public safety, particularly for applicants from high-risk countries.

In a statement released Tuesday (March), USCIS said its review of pending workloads and benefit applications revealed that prior screening measures were “wholly inadequate.” According to the agency, many applicants for naturalisation and lawful permanent residence were not sufficiently vetted, creating risks to national security and public safety while undermining the integrity of the immigration system.