Newsday Trinidad reports that the Telecommunications Authority of Trinidad and Tobago (TATT), has issued a reminder to the telecos in the twin-island republic to protect the data of their customers. TATT’s reminder comes in the wake of the public disclosure of the telephone records of a government minister.
The minister’s unfortunate circumstances aside, this story allows for a teaching moment about the potential value of having privacy and data protection legislation.
Trinidad’s Data Protection Act
Trinidad and Tobago, at the time of writing, is among a handful of jurisdictions in the Commonwealth Caribbean to have passed comprehensive privacy and data protection legislation. Trinidad’s Data Protection Act was partially brought into force in 2011. Despite some criticism (for e.g. here and here) the act offers fairly comprehensive protection for the personal information of citizens of the twin-island republic.
The act provides all individuals in Trinidad with direct recourse against any entity or person that either: i) wilfully discloses personal information in contravention of the act; or ii) collects, stores or disposes of personal information in a manner that contravenes the act.
The act establishes a data commissioner’s office. This commissioner holds responsibility for not only investigation and enforcement, but also, public awareness about privacy.
This means that:
- i) recourse is no longer against just public bodies;
- ii) there is no longer a need to bring a convoluted (and comparatively expensive) constitutional motion to protect against a breach of privacy;
- the scope of that privacy right protection is not limited (for e..g. what expressly constitutes private information);
- there are severe enough fines to make the protection of individuals’ private information a priority for entities that handle private data; and
- the notion of privacy is more likely to become part of the public agenda going forward.
Act not fully proclaimed
Here is the kicker, however: The Trinidad Data Protection Act has never fully been proclaimed. At last check, only the provisions concerning the establishment of a data commissioner’s office were brought into effect. Therefore, most of the critical sections of the Act are not enforceable.
What this means for the goodly minister is that, with the best of intentions, his options for recourse are limited. In effect, despite the existence of the Act on paper, Trinidadians currently have no real recourse when their personal data is handled in a manner that would constitute a breach.
Trinidad and Tobago is considered one of the regional leaders in advancing the information society. Practical signs point to:
- the establishment of a multi-stakeholder advisory group for crafting policies of the .tt domain;
- successful domestic e-commerce entities like Trini Trolley; and
- being the first (and only at the time of writing) English-speaking Caribbean country to have sophisticated internet-based app, Uber.
This is clearly a nation that intends to advance its information society agenda. It therefore behooves the twin-island state to give effect to the fundamental aspects of the act as it continues its developmental march.