BitDepthFeatured

Overdue: regulations for regional data protection

3 Mins read

Above: The panel discussing CPRD. From left, George Gobin, Dr Yufei Wu, Bartlett Morgan, Darren Mohammed and Vashti Maharaj. Photo by Mark Lyndersay.

BitDepth#1182 for January 31, 2019

“Is it time for us in the Caribbean to consider our trust issues?” asked George Gobin of the audience gathered for the third local Internet Governance Forum (TTIGF) last Friday.

Introducing the topic of Caribbean Data Protection Regulations (CDPR), the former local Microsoft bossman, career technologist and TTIGF director suggested that such efforts be government led, but guided by the people whose data will be overseen by the process.

Data Protection has become a more heated area of discussion lately, with Europe implementing the General Data Protection Regulations (GPRD) regime, which has forced many Internet companies to either publicly declare how they use customer data or run afoul of the laws now being enforced in EU nations.

Some companies have simply blocked access to their websites from countries in Europe, raising justifiable fears of a balkanized Internet.

Dr Yufei Wu, Associate Professor and Coordinator, Caribbean Institute of Cybersecurity, explained that netizens now had to consider some critical clauses in the GPRD, specifically…

  • How are you protecting against unlawful access to your data?

  • How are you demonstrating a commitment to data protection?

  • What steps are you taking to protect against unlawful access and to manage it when it occurs?

  • What steps are you taking to report on and notify users of any breach?

These aren’t just hypothetical problems either. According to Wu, companies found liable will be fined two percent of their income. Take a moment to work that out.

In fuelling the discussion on CPRD, Wu noted that, “If there are no standards and there is no legislation, there are no barriers as well as no protections.”

“Policy without action is not a complete solution.”

Trinidad and Tobago has a Data Protection Act on its law books, but it’s unclear exactly how these laws will be enforced and by whom.

Bartlett Morgan, a corporate attorney at law with Lex Caribbean in Barbados, agreed with Wu, but suggested that a Caribbean-wide model for data protection would be ideal.

Bartlett Morgan

“We should harmonise our approach,” Morgan said.

“We should be formulating model law that all [Caribbean] nations might use as a starting point for the region to draft their own legal frameworks.”

“Good data protection practices are fundamental, and they tend to pass muster in different regions without significant problems.”

If you use GDPR as your baseline, there’s a good chance you will be compliant in other regions as well.”

“It’s not necessarily a bad thing to avoid copy and paste legislation because there are sometimes local nuances and cultural issues that need to be addressed.”

Such an approach would proceed more smoothly if the region operated with the type of general agreement on basic principles that underwrite most major EU decisions, but Caricom has proven unable to agree, for more than a decade, on a regional court of final appeal for its legal systems.

“Good data protection practices are fundamental, and they tend to pass muster in different regions without significant problems.”

Bartlett Morgan

Vashti Maharaj, Head, Legal Services at the Ministry of the Attorney General and Legal Affairs pointed out that the GDPR represents “a unified position on the handling of data and its protection.”

“Sixty-eight percent of Caribbean nations do not have data protection laws, and some of those who do are quite outdated,” Maharaj said.

“If you had a regional body composed of businesses to drive data protection law, implementation and enforcement, it would happen quickly, because their bottom line is driven by profit and because many of them operate internationally and they need to be compliant with all regulations.”

There’s precedent for that perspective in the global implementation of Generally Accepted Accounting Principles (GAAP) at the turn of the century in the wake of the Sarbanes-Oxley Act.

That pushed state agencies and local companies operating globally to embrace systems, sometimes kicking and screaming, which conformed to the rigours of more transparent accounting systems, which meant navigating the intimidating software products of SAP.

Vashti Maharaj

🤞 Get connected!

A once weekly email notification of new stories on TechNewsTT. Just that. No spam.

Possible UI Glitch. Click top right corner to dismiss 👉

Get Connected!

A once weekly email notification of new stories on TechNewsTT.

Just that. No spam.

Related posts
FeaturedNews Briefs

Parasram warns of possible GDPR fines after assessing TSTT data dump

2 Mins read
“I have seen information for many people that I know, accurate information.”
FeaturedOpinion

What does the TSTT breach mean for customers?

2 Mins read
The sheer number of affected customers and the types of data involved make this breach significant.
Press Releases

Huawei responds to call for increased EU restrictions

1 Mins read
Cybersecurity is Huawei’s top priority. Huawei has opened a Cyber Security Transparency Centre in Brussels. This centre is open to customers and independent third-party testing organizations.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
1
0
Share your perspective in the comments!x
()
x