Tuesday 17 May 2022
Select a region
News

"Openness and transparency" at the heart of data protection

Thursday 26 August 2021

"Openness and transparency" at the heart of data protection

Thursday 26 August 2021


The Bailiwick's Data Protection Office carried out 24 investigations and made two high-profile fines in 2020 - however the strategic focus is on ensuring the community "appreciates the need for good protection of data".

The ODPA has published its annual report for 2020, setting out details of its enforcement work, strategic aims and the ever-present role that data plays in our daily lives.

The Bailiwick Commissioner, Emma Martins, confronts a stigma that some have labelled data protection with and seeks to emphasise the benefits that come from good governance and respect. 

“What I consider one of the biggest challenges we face in the area of data protection is that it is seen as being in conflict with innovation, progress, prosperity.

“I can (and do) rail against the misleading perception that data protection stands in the way of such important goals, but railing won’t help

2020_ODPA.png

Pictured: 2020 in numbers for the ODPA, which had over 900 registered businesses and carried out 24 investigations.

“If our community does not appreciate the need for good protection of data, no amount of law changes will help. What we need to do is reflect seriously on how we can better deliver those objectives by positively engaging organisations and individuals.

“There are lots of ways we can do this, including clearly articulating why data protection is an enabler, both economically and socially; helping organisations to recognise the commercial imperative to respect people’s rights; and building a culture of respect as a jurisdiction which embeds data governance into everything that it does. 

“If we do all that well, then we move beyond the sense that regulation is in conflict with prosperity and start to see it as a precondition of it.“

The ODPA publishes information about its enforcement action against data breaches, which is one was that it hopes to communicates the sorts of issues that may lead to regulatory action and, crucially, work to prevent them from happening again.

The Office received 38 complaints about data breaches - the majority of which related to public bodies - investigated 24 of those, and sanctioned 11.

sure_telephone_data_breach.png

Pictured: Sure was fined £80,000 for breaching data protection, after publishing 119 numbers which should never have been printed and 244 “errors and inaccuracies” overall in the 2019/20 telephone directory.

"This year has also seen a number of significant enforcement actions taken by the Authority as a result of complaints made to us," said Mrs Martins.

"Understandably this has led to a degree of media interest and we have taken the deliberate decision to be as open and transparent as possible in all our activities, including regulatory action.

"That has probably been uncomfortable for those organisations. But the principle of openness in dealing with breaches of the Law is an important one because an environment of transparency and accountability encourages trust and confidence in us by those that make complaints."

During 2020, the Authority took its first significant enforcement actions by issuing two administrative fines.

The first was issued to Sure (Guernsey) Limited in September 2020 over inaccuracies in the 2019/2020 telephone directory. They were fined £80,000 for a lack of transparency as to how personal data was to be processed, for publishing personal data which contained inaccuracies, and for the publishing the details of 119 ex-directory members of the community. 

trinitybchambers_data_breach.png

Pictured: Trinity Chambers was fined £10,000 after it sent out files containing "highly confidential and sensitive information" by email and in the post without appropriate security. 

The second fine was issued to Trinity Chambers LLP in November 2020 for unauthorised disclosure of highly sensitive and private information about a person and their family.

They were fined £10,000 to reflect the serious nature and impact of failing to look after the data in question, which resulted from sending files via email and by post without appropriate security.

Sign up to newsletter

 

Comments

Once your comment has been submitted, it won’t appear immediately. There is no need to submit it more than once. Comments are published at the discretion of Bailiwick Publishing, and will include your username.

There are no comments for this article.

To place a comment please login

You have landed on the Bailiwick Express website, however it appears you are based in . Would you like to stay on the site, or visit the site?