Understanding the Trinidad & Tobago 2011 Data Protection Act
DisclaimerWhile every attempt has been made to ensure that the information in thisdocument is accurate and complete, some typographical or technical errors mayexist. Lorson Resources Limited cannot accept responsibility for any kind of lossresulting from the use of this document.This information serves only as a guide and an introductory perspective of theData Protection Act, 2011 of Trinidad & Tobago.
Data Protection Act, 2011 The Data Protection Act 2011 is awaiting proclamation. It shall comeinto operation on such a day as is fixed by the President of Trinidad and Tobago by Proclamation. This can be brought into force at practically a moment’s notice
Data Means any:• Document• Correspondence• Memorandum• Book• Plan• Map• Drawing• Pictorial or graphic work, photograph, film, microfilm, soundrecording, videotape• Machine-readable record and any other documentary material,regardless of form or characteristics, and any copy of those things;
Data MatchingMeans the: comparison, whether naturally or by means of any electronic or other device, of any data that contains personal information about individuals with other documents containing personal information about individuals for the purpose of producing new forms of information about individuals;
ResponsibilityEvery director and officer of a corporation shall take reasonable care to ensure that the corporation complies with—(a) this Act and the regulations made there under; and(b) any Orders imposed by the Commissioner or his delegate.
Responsibility“Head of a Public Body” means :• the President, the Prime Minister,• the President of the Senate,• the Speaker of the House of Representatives,• the Chief Administrator of the Tobago House of Assembly,• the Chief Secretary of the Tobago House of Assembly,• the Permanent Secretary of a Ministry, (cont’d)
Responsibility“Head of a Public Body” means :• the Head of a Government Department,• the Head of the Judiciary,• Chief Executive Officer of an enterprise or• the Chairman of an agency or• where such title does not exist, the person who performs such duties; (cont’d)
General Privacy PrinciplesAn organization shall be:• responsible for the information under its control:• identify/declare purpose for which personal information is collected prior to collection• ensure that “collectee” knows and agree to• legally undertaken and be limited to what is necessary for purpose identified• retained for as long at the identified purpose is fulfilled.• Not disclose
General Privacy Principles• Accurate and up-to-date• Protected by appropriate safeguards in keeping with sensitivity• Exception from additional processing unless by law• Disclose of policy & practices regarding personal information management unless by law• Disclose all documents relating to the existence use and disclosure of information In other words have in place security arrangements against such risks as unauthorized access, collection, use, alteration, disclosure or disposal
Individual Right• Can challenge the accuracy and completeness of the information;• Challenge the organization’s compliance with the above principles and receive timely and appropriate engagement from the organization• Response within thirty days of the request being made
Beyond Border1. Personal information which is requested to be disclosed outside of Trinidad and Tobago shall be regulated and comparable safeguards to those under this Act shall exist in the jurisdiction receiving the personal information.2. Stored only in Trinidad and Tobago and accessed only in Trinidad and Tobago unless— (a) the individual to whom the information relates has identified the information and has consented in the prescribed manner to its being stored in or accessed from another jurisdiction; or (b) the information is stored in or accessed from another jurisdiction that has comparable safeguards
Retention• Personal information that has been used by a public body for an administrative purpose shall be retained by the authority for such period of time after it has been used as may be prescribed by Order of the Minister, to ensure that the individual to whom it relates has a reasonable opportunity to obtain access to that information.• Disposal of all personal information in its control or custody in accordance with Regulations made by the Minister under this Act Based on policy
Sensitive Personal Info Sensitive personal information means information on a person’s—• Racial or ethnic origins;• Political affiliations or trade union membership;• Religious beliefs or other beliefs of a similar nature;• Physical or mental health or condition;• Sexual orientation or sexual life; or• Criminal or financial record;
Sensitive Personal InfoSensitive personal information may be processed— 1. By a health care professional or an employee or agent of a health care body at the direction of a health care professional for the purposes of health and hospital care where it is necessary for— • Preventative medicine and the protection of public health; • Medical diagnosis; • Health care and treatment; and • The management of health and hospital care services;
Sensitive Personal InfoSensitive personal information may be processed— 2. Where it has been made public by the person to whom such information relates; 3. For research and statistical purposes in accordance with section 43; 4. In the interest of law enforcement and national security; 5. For the purposes of determining access to social services; or 6. In accordance with or where authorized by any other written law. (cont’d)
PenaltyWhere a corporation commits an offenceunder this Act, any officer, director or agent ofthe corporation whodirected, authorized, assented to, orparticipated in the commission of the offenceis a party to and commits an offence and isliable to the punishment provided for theoffence.
Penalty• A person who commits an offence under this Act is liable upon—• summary conviction, to a fine of not more than fifty thousand dollars or to imprisonment for a term of three years; and• conviction on indictment, to a fine of not more than one hundred thousand dollars or to imprisonment for a term of not more than five years. (cont’d)
Penalty• Where the offences under this Act is committed by a body corporate, the body corporate shall be liable upon—• summary conviction, to a fine of two hundred and fifty thousand dollars ($250,000); and• conviction on indictment, to a fine of five hundred thousand dollars ($500,000). (cont’d)
Penalty Note• Where a corporation contravenes any of the provisions of this Act, the Court may impose a fine of up to ten per cent of the annual turnover of the enterprise.• In imposing a fine under subsection (1), the Court shall take into account—• the estimate of the economic cost of the contravention to the consumers, users of the services in question or any other person affected by the contravention;
Penalty Note (cont’d)• the time for which the contravention is in effect is continuing;• the number and seriousness of any other contraventions, if any, committed by the corporation; and• any other matter the Court may consider appropriate in the circumstances.
Whistle blower Protection• An employer whether or not a public body, shall not dismiss, suspend, demote, discipline, harass or otherwise disadvantage an employee or deny that employee or deny that employee a benefit, because—• the employee acting in good faith, and on the basis of reasonable belief has— • notified the Commissioner that the employer or any other person has contravened or is about to contravene this Act; • done or stated the intention of doing anything that is required to be done in order to avoid having any person contravene this Act; or • refused to do or stated the intention of refusing to do anything that is in contravention of this Act; or• the employer believes that the employee will do anything described in paragraph (a).
More Information on the Data Protection Act?The Data Protection Act of 2011 may be found online via Trinidad & Tobago’s Parliament Websitehttp://www.ttparliament.org/legislations/a2011 -13.pdf
Contact Us! For more information on Lorson Resources Limited’s available Records & Information Management Products, Services & Training, you can reach us through any of the following:Website: http://www.lorsonresources.comEmail: email@example.comConnect with us on FaceBook: www.facebook.com/lorsonresourceslimitedFollow us on Twitter: www.twitter.com/lorsonresources