Earlier this week, the Government of Jamaica advertised for a number of roles in the Office of the Information Commissioner.
This comes on the heel of Barbados carrying out a similar exercise a few months ago. In June, that government advertised for the role of Data Protection Commissioner.
Both Barbados and Jamaica passed substantive data protection acts in the past 18 months. Barbados passed the Data Protection Act, 2019-29 in July 2019 and, a year later, Jamaica passed and assented to the Data Protection Act, No 7 of 2020 in July, 2020.
Neither jurisdiction has, however, taken the relevant procedural steps to actually make their privacy laws enforceable. In the case of Jamaica, this requires the Minister with responsibility for data privacy – currently the Minister for Science, Energy and Technology – to publish a notice in the Gazette. Barbados, on the other hand, requires the Governor-General to proclaim the Data Protection Act, 2019.
If the laws are not in force, no compliance obligations exist for parties processing personal information in these jurisdictions.
The moves by those governments to hire a regulator for their respective privacy laws signals an imminent change in the landscape. Appointing staff is a signal that both jurisdictions are marshalling the necessary human and technical resources to operationalise their respective acts.
To be clear: staffing the regulators is not the end of the operationalisation conversation. Both jurisdictions now need to see about the not insignificant task of preparing regulations to better guide compliance by controllers and (in the case of Barbados) processors of personal data.
A betting man may tell you to expect full operationalisation by 3rd quarter 2021.