The St Helena Government (SHG) recently held public information meetings to discuss a new Data Protection policy. This policy aims to safeguard the privacy of individuals and ensure responsible data handling by organizations.
SHG would like to acknowledge and thank those members of the public who attended these sessions. While attendance was limited, the discussions provided valuable insights into community concerns about data privacy. This has been helpful in finalizing the draft Data Protection policy, which has been approved by Executive Council for public consultation.
Presentations and discussions revealed a need for most organizations to draft and/or update appropriate data protection policies. These adjustments will likely necessitate substantial alterations to existing working practices. A primary concern raised during the public meetings in May highlighted the potential impact of this legislation on smaller organizations, particularly charities. There are a significant number of charitable organizations that do extremely valuable work on St Helena but they are run and supported by volunteers with limited resources. To prevent compliance challenges from overwhelming these organizations, the project will focus on providing tailored support and resources.
Some good points raised during the discussion at Harford Community Centre included:
Whilst a data subject (an individual whose data an organization holds) has the right to request a copy of the data an organization holds on them, there will be certain (specific) circumstances where an organization may legitimately withhold or restrict the level of information returned. Examples of this might be information that law enforcement organizations hold in pursuit of an investigation, confidential references relating to an employee or student, certain medical or health-related records if the release of the information would likely cause harm to physical or mental health of the individual or another person.
The need for robust third-party supplier contracts to be in place with privacy factored in. Some organizations appoint a third party to process data on their behalf or if they need to pass on information to a third party to deliver their service, for example, an insurance broker passing details to the underwriter for a policy of insurance to be written or endorsed. Under these circumstances it will be vital to have solid contracts in place with clauses related to data protection and privacy.
It will be vital that the role of the Data Protection Officer (DPO) is well understood by business owners and organization leaders. The DPO is a role that some larger organizations will have to appoint, and they will be focused on ensuring compliance with data protection law. Their responsibilities include advising the organization on its data protection obligations; monitoring compliance; and acting as a point of contact for data subjects and the regulator. The DPO also provides guidance on data protection impact assessments and helps manage data breaches.
Since the first round of public information meetings, Alex Adams of Juju Digital Ltd., has been meeting with organization leaders in private, voluntary, and NGO sectors to further make them aware of the project and bring the discussion to the wider community. One remit of this project set toward commencing later this year is providing support via educational workshops.
Members of the public are invited to review the draft Data Protection policy available online at https://www.sainthelena.gov.sh/wp-content/uploads/2024/08/DataProtectionPolicyv3.2.0_CONSULTATION-DRAFT-AUG24.pdf and in hard copies at Public Library and Post & Customer Services Centre. Your input is crucial in finalizing this policy.
Further information about upcoming public meetings in September regarding this draft Data Protection policy will be shared through social media, radio, and other media platforms.
For organizations seeking more information about their potential obligations under data protection law, please contact Alex Adams via email at alex@jujudigital.com.
###