Jamaica’s Data Protection Act will be coming into effect on 1 December 2023, but myths and misconceptions have persisted. With Grace Lindo, an attorney at law at Carter Lindo in Jamaica, we tackle some of the misconceptions along with exploring compliance in a variety of different scenarios. Among other things, Grace also discusses the potential implications and obligations under the new dispensation: when using certain technologies and platforms, such as WhatsApp, Artificial Intelligence and ChatGPT in the workplace; in the ethical use of data, particularly for research; in direct marketing; and when data breaches occur.

 

This episode is also available on SoundCloud, Apple Podcasts, Google Podcasts, Spotify and Amazon Music!!

With the recent spate of high-profile data breaches across the Caribbean region, and more importantly, the catastrophic manner in which some of them were handled, we have all become even more attuned to matters related to privacy and data protection. Although many Caribbean countries have data protection legislation in place, some still do not or are still in the process of operationalising all of its provisions. Jamaica falls into the latter, but much of the law is expected to come into effect on 1 December 2023.

Jamaica’s Data Protection Act was passed in June 2020, but is only coming into effect now, following a two-year lead time from the appointment of the Information Commissioner to ready its office and the country for what is to come. However, there have been concerns that the private sector, particularly micro, small and medium-sized entities, is still not as prepared as it should be, and the Office of the Information Commissioner, the data protection regulator, may not be sufficiently resourced and possess the requisite capacity to manage the scale of its mandate. As a result, there has been a lot of confusion and misconceptions on how to become compliant with the Act have persisted.

Although we have had several conversations on the Podcast on privacy and data protection, we have not delved deeply into Jamaica’s data protection legislation. We thus thought it opportune to not only shed some light on the Act and its requirements for organisations based in Jamaica, but also highlight the approach to privacy and data protection that Jamaica has adopted, which others may find useful and insightful.

 

Introducing our guest

Grace Lindo

Grace Lindo is a commercial and intellectual property lawyer who has practised at major Jamaican law firms for over fifteen years. She has worked with local and international clients in a diverse range of sectors that are looking to do business in Jamaica, or Jamaican entities with regional or international corporate aspirations. Her practice covers commercial law, intellectual property, technology and technology transactions, e-commerce, trade, regulatory matters, cybersecurity, data protection, corporate governance and mergers and acquisitions. A Chevening Scholar, she attended the London School of Economics and Political Science (LSE) from which she obtained a Master of Laws (LL.M) in Competition, Trade and Innovation with a focus on technology regulation.

Grace has been consistently ranked as a leading trademark professional in the Caribbean by the World Trade Mark Review (WTR) since 2014. She is a Certified Information Privacy Professional (CIPPE), an accreditation given by the International Association of Privacy Professionals (IAPP), the foremost accreditation body on data protection/privacy worldwide. Grace was an Internet Corporation for Assigned Names and Numbers (ICANN) Fellow for the years 2017—2019, an honour which has seen her contribute to global internet and technology policy through the extensive ICANN network. She currently sits on the Legislation and Regulations Committee of the Jamaica Chamber of Commerce as well as the Commercial and Intellectual Property Committees of the Jamaica Bar Association.

 

Insights into our conversation

Grace has been on the Podcast twice before this current visit and we have had a long-running conversation on privacy and data protection. Although this discussion is on Jamaica’s Data Protection Act, instead of focussing exclusively on the provisions and the requirements for compliance, we tried to address popular myths and misconceptions that have emerged.

Further, with the Act fast becoming a reality and will be put into practice, questions have arisen on how certain provisions will be operationalised or will work in specific situations. A few areas Grace was keen that we discuss direct marketing, managing sensitive data such as health information, and artificial intelligence to name a few.

Below are some of the questions posed to Grace during our conversation.

  1. Let’s start by setting the stage. What types of data does the Act cover, and who are required to comply?
  2. What are some of the misconceptions of which you are aware that businesses/people have regarding the Act and how they might need to adjust their operations to comply?
  3. And in your opinion, how would you grade public education around the Data Protection Act and the compliance requirements?
  4. A source of confusion has been regarding certain roles specified under the Act, namely, the data controller, the data processor, and the data protection officer roles. How are they different? When and why are they necessary?
  5. What are 3 to 5 things you would advise an entity to do to become better aligned with Jamaica’s Data Protection Act?

 

We would love to hear your thoughts!

Do leave us a comment either here beneath this article, or on our Facebook or LinkedIn pages, or via Twitter, @ICTPulse.

Also, if you or a member of your network is interested in joining us for an episode, do get in touch.

Let’s make it happen!

 

Select Links

Below are links to some of the organisations and resources that either were mentioned during the episode, or otherwise, might be useful:

 

 

Images credit:  Carter Lindo; Freepik; Nick Youngson (Pix4free); Gordon Johnson (Pixabay)

Music credit: The Last Word (Oui Ma Chérie), by Andy Narrell

Podcast editing support: Mayra Bonilla Lopez