The proposed Data Protection Act
... IN SUMMARY (PT 2)
AJOINT select committee of Parliament is currently examining a proposed Data Protection Act, some of the provisions of which several organisations have objected to. Here The Gleaner outlines more features of the legislation.
Rights of data subjects under the act
Access to personal data (written request): • Right to be i nformed whether personal data is being processed; the description of that data; the purpose and the recipients;
• Right to have the data communicated to them, including source of information, in an intelligible form; • To be informed of the logic involved in the making of a decision where personal data was processed by automatic means for evaluating ‘matters’ and has constituted the sole basis for any decision significantly affecting the individual.
Prevent processing likely to cause damage or distress (written notice) where:
• Substantial damage or substantial distress to DS or another and is unwarranted;
• Data incomplete or irrelevant vis-à-vis
purpose of processing;
• Prohibited by law data has been retained for longer than allowable period
Prevent processing for Direct Marketing (Oral or written notice):
Direct marketing is the communication by whatever means of any advertising or marketing material that is directed to particular individuals.
Automatic decision-making (written notice):
Entitlement to ser ve notice to prevent decision making ( except exempt decisions) on the basis of automatic process only for the purpose of evaluating matters in relation to him/her.
Rectification of Inaccuracies (written notice):
A request to have errors/omissions amended, blocked, erased/destroyed as may be required to correct the inaccuracy
Exemptions
To safeguard national security Personal data obtained for: i. the prevention and detection of crime ii. the apprehension or prosecution of offenders iii. the assessment or collection of any tax duty are exempt from the requirement to be processed fairly (first standard); Section 6 (right of access) and the non-disclosure provisions
Personal data processed for the purpose of carrying out a ministerial or public-servant function; any function exercised in the public interest and in connection with public safety, breaches of ethics for a regulated profession, important national or economic interest Personal data processed for journalism, artistic or literary purposes are exempt from the data protection standards; (only for provisions dealing with right of access (6); right to prevent damage/distress (10); right in relation to automated decision-mak ing (12) and rectification obligations (13 (3) and (4))
Personal data processed only for research purposes are exempt from the right of access provision if the relevant conditions are met and does not identify the individual.
Disclosure of personal data is permitted for archival or historical purposes if relevant conditions are met and the individual is dead for 30 years and data is in a record in existence for 30 years.
Disclosure required by law; order of the court or where necessar y made i n connection with any legal proceedings or for the purpose of obtaining legal advice or defending legal rights.
For avoiding infringement of parliamentary privileges of either House (first, second, third, fourth and fifth standards, sections 6; 10 and 13 (3) and (4)).
Penalties for breaches of the act
• Fines of up to $2 million on conviction or up to seven years imprisonment
• Body corporate liable to a maximum fine of 10 per cent of annual gross income
• Personal liability for directors, managers, secretary, where offence is committed with consent or connivance or neglect of those persons.
• Individuals who suffer damage/ distress shall be entitled to compensation.
• Public authority not liable to prosecution, though bound by the act
•Commissioner may impose fixed penalty