The document provides an overview of the key aspects of the Data Protection Act of 2011 in Trinidad and Tobago. It defines important terms like "data", "data matching", and "sensitive personal information". It outlines general privacy principles for organizations regarding collecting, using, storing and disclosing personal data. It also describes rights for individuals, rules for transferring data outside the country, retention periods, penalties for non-compliance, and whistleblower protections. More details on the Act can be found on the Trinidad and Tobago Parliament website.
2. Disclaimer
While every attempt has been made to ensure that the information in this
document is accurate and complete, some typographical or technical errors may
exist. Lorson Resources Limited cannot accept responsibility for any kind of loss
resulting from the use of this document.
This information serves only as a guide and an introductory perspective of the
Data Protection Act, 2011 of Trinidad & Tobago.
3. Data Protection Act, 2011
The Data Protection Act 2011 is awaiting proclamation. It shall come
into operation on such a day as is fixed by the President of Trinidad and
Tobago by Proclamation. This can be brought into force at practically a
moment’s notice
5. Data
Means any:
• Document
• Correspondence
• Memorandum
• Book
• Plan
• Map
• Drawing
• Pictorial or graphic work, photograph, film, microfilm, sound
recording, videotape
• Machine-readable record and any other documentary material,
regardless of form or characteristics, and any copy of those things;
6. Data Matching
Means the:
comparison, whether naturally or by means of any electronic
or other device, of any data that contains personal
information about individuals with other documents
containing personal information about individuals for the
purpose of producing new forms of information about
individuals;
7. Responsibility
Every director and officer of a corporation shall
take reasonable care to ensure that the
corporation complies with—
(a) this Act and the regulations made there
under; and
(b) any Orders imposed by the Commissioner or
his delegate.
8. Responsibility
“Head of a Public Body” means :
• the President, the Prime Minister,
• the President of the Senate,
• the Speaker of the House of Representatives,
• the Chief Administrator of the Tobago House of
Assembly,
• the Chief Secretary of the Tobago House of Assembly,
• the Permanent Secretary of a Ministry,
(cont’d)
9. Responsibility
“Head of a Public Body” means :
• the Head of a Government Department,
• the Head of the Judiciary,
• Chief Executive Officer of an enterprise or
• the Chairman of an agency or
• where such title does not exist, the person who
performs such duties;
(cont’d)
10. General Privacy Principles
An organization shall be:
• responsible for the information under its control:
• identify/declare purpose for which personal
information is collected prior to collection
• ensure that “collectee” knows and agree to
• legally undertaken and be limited to what is necessary
for purpose identified
• retained for as long at the identified purpose is
fulfilled.
• Not disclose
11. General Privacy Principles
• Accurate and up-to-date
• Protected by appropriate safeguards in keeping with
sensitivity
• Exception from additional processing unless by law
• Disclose of policy & practices regarding personal
information management unless by law
• Disclose all documents relating to the existence use
and disclosure of information
In other words have in place security arrangements against
such risks as unauthorized
access, collection, use, alteration, disclosure or disposal
12. Individual Right
• Can challenge the accuracy and completeness of
the information;
• Challenge the organization’s compliance with the
above principles and receive timely and
appropriate engagement from the organization
• Response within thirty days of the request being
made
13. Beyond Border
1. Personal information which is requested to be disclosed
outside of Trinidad and Tobago shall be regulated and
comparable safeguards to those under this Act shall exist in
the jurisdiction receiving the personal information.
2. Stored only in Trinidad and Tobago and accessed only in
Trinidad and Tobago unless—
(a) the individual to whom the information relates has identified the
information and has consented in the prescribed manner to its being
stored in or accessed from another jurisdiction; or
(b) the information is stored in or accessed from another jurisdiction that
has comparable safeguards
14. Retention
• Personal information that has been used by a
public body for an administrative purpose shall
be retained by the authority for such period of
time after it has been used as may be prescribed
by Order of the Minister, to ensure that the
individual to whom it relates has a reasonable
opportunity to obtain access to that information.
• Disposal of all personal information in its control
or custody in accordance with Regulations made
by the Minister under this Act
Based on policy
15. Sensitive Personal Info
Sensitive personal information means
information on a person’s—
• Racial or ethnic origins;
• Political affiliations or trade union membership;
• Religious beliefs or other beliefs of a similar nature;
• Physical or mental health or condition;
• Sexual orientation or sexual life; or
• Criminal or financial record;
16. Sensitive Personal Info
Sensitive personal information may be processed—
1. By a health care professional or an employee or agent
of a health care body at the direction of a health care
professional for the purposes of health and hospital
care where it is necessary for—
• Preventative medicine and the protection of public health;
• Medical diagnosis;
• Health care and treatment; and
• The management of health and hospital care services;
17. Sensitive Personal Info
Sensitive personal information may be processed—
2. Where it has been made public by the person to
whom such information relates;
3. For research and statistical purposes in accordance
with section 43;
4. In the interest of law enforcement and national
security;
5. For the purposes of determining access to social
services; or
6. In accordance with or where authorized by any other
written law.
(cont’d)
18. Penalty
Where a corporation commits an offence
under this Act, any officer, director or agent of
the corporation who
directed, authorized, assented to, or
participated in the commission of the offence
is a party to and commits an offence and is
liable to the punishment provided for the
offence.
19. Penalty
• A person who commits an offence under this Act
is liable upon—
• summary conviction, to a fine of not more than
fifty thousand dollars or to imprisonment for a
term of three years; and
• conviction on indictment, to a fine of not more
than one hundred thousand dollars or to
imprisonment for a term of not more than five
years.
(cont’d)
20. Penalty
• Where the offences under this Act is
committed by a body corporate, the body
corporate shall be liable upon—
• summary conviction, to a fine of two hundred
and fifty thousand dollars ($250,000); and
• conviction on indictment, to a fine of five
hundred thousand dollars ($500,000).
(cont’d)
21. Penalty
Note
• Where a corporation contravenes any of the
provisions of this Act, the Court may impose a fine
of up to ten per cent of the annual turnover of the
enterprise.
• In imposing a fine under subsection (1), the Court
shall take into account—
• the estimate of the economic cost of the
contravention to the consumers, users of the
services in question or any other person affected by
the contravention;
22. Penalty
Note (cont’d)
• the time for which the contravention is in effect is
continuing;
• the number and seriousness of any other
contraventions, if any, committed by the
corporation; and
• any other matter the Court may consider
appropriate in the circumstances.
23. Whistle blower Protection
• An employer whether or not a public body, shall not
dismiss, suspend, demote, discipline, harass or otherwise
disadvantage an employee or deny that employee or deny
that employee a benefit, because—
• the employee acting in good faith, and on the basis of
reasonable belief has—
• notified the Commissioner that the employer or any other person has
contravened or is about to contravene this Act;
• done or stated the intention of doing anything that is required to be
done in order to avoid having any person contravene this Act; or
• refused to do or stated the intention of refusing to do anything that is
in contravention of this Act; or
• the employer believes that the employee will do anything
described in paragraph (a).
24. More Information on the Data Protection Act?
The Data Protection Act of 2011 may be found
online via Trinidad & Tobago’s Parliament
Website
http://www.ttparliament.org/legislations/a2011
-13.pdf
25. Contact Us!
For more information on Lorson Resources Limited’s available Records & Information
Management Products, Services & Training, you can reach us through any of the
following:
Website: http://www.lorsonresources.com
Email: info@lorsonresources.com
Connect with us on FaceBook: www.facebook.com/lorsonresourceslimited
Follow us on Twitter: www.twitter.com/lorsonresources