Letter of the Day | How are we ensuring protection of digital data?
THE EDITOR, Sir:
Globalisation and the information revolution have led to new avenues for illegal and unethical practices. The interconnected nature of the Internet and networked computers makes invisible data gathering, monitoring and sharing information extremely easy.
An article in The Gleaner of March 22 stated that the Electoral Commission of Jamaica (ECJ) earned $1, 290,850 from financial institutions and credit bureaus for information sold to them over the past three years. To date, no one has denied the claim, which causes concern Meanwhile, the ECJ said it is not selling personal information. This response is weak and requires an explanation on how it would classify the extraction of parts of information and giving access, compared to giving total access. Is that OK because they have extracted some parts for sharing? I am not sure that is a good response.
There are several issues: 1. What is the Government’s policy on sharing information? 2. Was permission given to the Electoral Office for the secondary use of individuals’ personal data? 3. Does the Government or its agencies have the right to use people’s information however they wish? 4. How does the Data Protection Act apply to this situation? 5. Who will ‘guard the guards’?
The career of choice for many younger people in our country seems to be scamming. With the rise in cybercrime incidents, sensitive information getting into the wrong hands can put persons and their livelihood at significant risk. The Gleaner article highlighted one agency involved in sharing and profiting from data. How widespread is this practice? Who has access to this data? What safeguards are in place to ensure data do not fall into the wrong hands? I am uncertain if persons were informed of the secondary use of their data. While debate surrounds the legality of these actions, questions remain about the breach of personal privacy and the attendant moral and ethical codes of conduct. These actions will breach trust, which is key to fostering good relationships. With the Data Protection Act yet to be given ‘teeth’, the jury is still out on these matters, leaving us without protection from these types of conduct.
There is a thrust by the Government to implement the National Identification System (NIDS). Proper implementation of the NIDS can result in improved effectiveness, efficiencies and strengthening of governance. The NIDS can be the medium to manage the Government’s fragmented and loosely connected departments and agencies better. However, if the Government is serious about building trust, then it must address the matter at hand with the urgency that it deserves. Situations like these will widen the trust deficit, and should not be considered unimportant and given the usual silent treatment.
According to the General Data Protection Regulation (GDPR) for use of personal data, individuals have “the right to an explanation”. It posits that the processing and use of personal data should benefit and advance humanity. The GDPR points out that while protecting personal data should not be viewed as an “absolute right”, it should be balanced against fundamental/constitutional rights based on the “principle of proportionality”. The regulation is clear: people should have a say in divulging their personal data.
The Government and its agencies of the State need to lead by example. The Government crafted and presented the Data Protection Act to the people. They are supposed to be the guardians of Jamaica’s ‘information panopticon’. However, who will ‘guard the guards’? It is very important that the Government practise what they preach and lead by example. Anything outside of that is unacceptable and will only compromise their moral and ethical standing. Ensuring that a society functions at an acceptable level depends on monitoring and convincing individuals and organisations to do what is deemed right.
School of Computing and Information Technology
University of Technology, Jamaica