Fines for data law breaches outlined
(CNS): The Office of the Ombudsman has published guidelines outlining the various circumstances that could lead to a fine for entities that breach the new Data Protection Law, which came into force in September. “Guidance on Monetary Penalty Orders” explains the details of how a company could be fined up to $250,000 for serious cases and how, in some cases, an organisation could avoid any sanction.
Before issuing a fine the ombudsman must provide the data controller with an opportunity to make representations on any factors mitigating in their favour or against an order and on the amount of the fine. Then the ombudsman will decide whether to issue a monetary penalty order and if so, how much it will be.
The guidance identifies circumstances in which the ombudsman considers it appropriate to issue a fine, including factors that would make a monetary penalty more likely, and factors that would make it less likely. A monetary penalty is more likely if the infringement was intentional or negligent in character.
The amount of any penalty will be determined by the seriousness and intention of the breach, whether it was a “one-off” event, and whether steps were taken to avoid the infraction through staff training or other safeguards.
The Data Protection Law provides the statutory framework for the use of personal information by businesses, organisations, government and public authorities. It also grants rights to individuals in relation to their data. The Office of the Ombudsman is tasked with oversight and enforcement, and individuals have the right to complain to it if they believe their data is being misheld or misused.
For more information and a copy of the guidance see the Office of the Ombudsman’s website or the CNS Library.
- Fascinated
- Happy
- Sad
- Angry
- Bored
- Afraid
Category: Local News
Two words – ‘Never happen!’ Enforcement in these islands is a joke.
I second that motion!
Please start with Digicel. Sick of them spamming my phone third party ads that I cannot block, and farming out our numbers to advertisers and the line. This is my personal number and I only consent to it being shared with people I choose to share it with. I hope dara protection enforcement here will mirror the good work of the ICO in the UK.
1:08 You’ve clearly never had any dealings with the ICO in the UK. I have and it’s a joke!