In keeping with international trends in implementing legislative frameworks for the protection of the privacy of citizens’ persona data, Jamaica passed its Data Protection Act (“DPA” or “the Act”) in June 2020 to make provision for the establishment of an Office of the Information Commissioner (OIC) with responsibility for:

1. monitoring compliance with the Act and attendant regulations;
2. advising the Minister on matters related to data protection;
3. disseminating information to the public in relation to, among other things, the operation of the Act; and
4. preparing and disseminating guidelines that promote good practice to be adhered to by data controllers.

Celia Barclay was appointed as the Information Commissioner by the Governor General after consultation with the Prime Minister and the Leader of the Opposition pursuant to Part 1 of the First Schedule of the DPA on December 1, 2021 to give strategic oversight to the establishment and operations of the Office of Information Commissioner in keeping with the Act. By Appointed Day Notice published in the Jamaica Gazette on 30 November 2021, Sections 2, 4, 56, 57, 60, 66, 74 and 77, and the First Schedule of the Act were also brought into operation as of 1 December 2021. These sections make provision for the operationalisation of the OIC, its oversight and reporting requirements, the regulations, data-sharing codes, and international cooperation.

With the appointment of the Information Commissioner and the publication of the Appointed Day Notice, certain powers, duties, and responsibilities conferred on the Commissioner by the Act were brought into effect. Also brought into effect was Section 76 of the Act which provides for a two-year transitional period for data controllers to implement the necessary measures to ensure their compliance with the provisions of the Act including for registration with the Commissioner, the appointment of an appropriately qualified data protection officer, if required, and compliance with the 8 data protection standards to be applied in processing personal data.

As data breaches become more prevalent and security concerns increase, the need to ensure data privacy and security becomes ever more important especially for government organizations and businesses, particularly for international trade and promoting investment. The Information Commissioner aims to create a robust regulatory regime which will foster stakeholder buy-in while ensuring the quick and effective investigation of complaints and prosecution of contraventions.