Jamaica-based managed IT services provider tTech Limited is urging the corporate sector in Jamaica to prioritise data protection and, specifically, IT compliance for their operations in the new year, in accordance with the new Data Protection Act.

The charge was made following discussions during the company’s Data Protection Day webinar on Saturday (January 28). Data privacy, liability, the Data Protection Act, IT compliance and its implications and requirements were some of the far-reaching topics that moderators, Lesley-Anne Wilson – who is a Business Analyst at tTech and Jaleel Henry, a tTech Security Specialist led, with special insights from guests Chukwuemeka ‘Chuk’ Cameron, Founder of Design Privacy, GraceKennedy’s IT Operations Manager, Omar Bell and Mayberry’s Chief Information Officer (CIO), Krishna Singh.

Essential to the discourse was the underlying question that, according to Jaleel, business operators who are just coming into awareness of the Act are most keen on finding out from tTech – what their businesses or industries need to know or do to be compliant with the Data Protection Act.

Jaleel contended that there is no guesswork about what is required, but the challenge now lies in completing the steps from registration to full compliance on-time.

He explained that “the seventh standard of the Data Protection Act speaks to a specific set of technical measures that are required for entities across the board to implement that will ultimately ensure that, where they are in a position to receive and process customers’ personal data, it is not accessed or shared by unauthorised persons”. 

He continued, saying: “This means that businesses, to avoid embarrassment from breaches, incidents of fraud, client mistrust and legal ramifications, need to have a robust plan of action in place by the compliance deadline, December 1, 2023.”

Cameron, who has been a partner at the forefront of data protection education efforts over the past three years with tTech, added that “unfortunately, many entities still don’t believe that breaches can and will happen to them and, further, the data protection and IT compliance laws and sanctions won’t apply to them. They think it’s just the ‘big guys’ that get targeted”. 

AUTHORITY TO HAND OUT FINES

He stated that “On the contrary, businesses of all sizes and across all industries will find that they will not be exempt from the strict data protection and IT compliance laws, and breaches of these laws could, unfortunately, see monetary fines of up to four per cent of their revenue. Additionally, companies that are seeking and already have international trading partners will be required to become data protection and IT compliant if they want to maintain those relationships”.

Under the law, the newly installed Data Comissioner will have the authority to hand out fines or stop organisations’ business operations that allow them to receive or process persons’ data. These operations could include accepting credit or debit card payments, onboarding new clients, or accessing client records.

Bell and Singh, whose respective organisations – GraceKennedy and Mayberry Investments Limited, have begun the meticulous compliance process with tTech’s help, agreed that consideration of the legal, technical and other risks associated with non-compliance, despite the challenges, was a key driver in their decision to get on-board. They were assured, however, that the value of what is to be achieved through compliance outweighs the cost and surpasses any of the challenges.

Finally, Wilson appealed to the corporate sector that it would be best for businesses to join the movement and begin to view protection and compliance as a matter of utmost priority for them in the new year.

She further stated that members of the public, as data subjects under the law – who entrust their personal information to these organisations, should pay closer attention to how their information is being treated and help to hold these companies accountable.