New Privacy Laws and Increased Obligations for Local Businesses
There is a new Data Protection Law that now controls how Cayman Islands businesses and the nation’s government agencies manage people’s personal data.
This new legislation was drafted and based upon an internationally recognized set of privacy principles and will provide an outline of rights and duties intended to give people greater control over their personal data. The creation of this legislation is in response to the growing expectation of protections from international corporations and business entities and their clients operating in offshore jurisdictions. These companies have a necessity to have comprehensive data protections and compliance requirements in place.
Any breaches of the new laws could result in penalties up to $100,000 and up to five years in prison. Under the new Data Protection Law there exist requirements to collect personal data and these are guided partly by the new international data sharing requirements. These requirements will now apply to any organization in Cayman that handles people’s personal data. What is defined as “personal data”? Simply put, “personal data” is defined broadlyas any information that allows an individual person to be identified. This data must be processed impartially and lawfully and used for a legitimate purpose that the person or entity has been notified of in advance.
Employers in the Cayman Islands are required to specify the purposes for which their employee’s personal data is collected and with whom that data may be shared. Employers are also required to notify their employees if personal data is distributed to any nations or municipalities outside of the Cayman Islands. Data protection policies should be in line with a business’ structure and must be communicated to employees and monitored to ensure compliance.
Data privacy laws are required in offshore financial centers because these areas are extremely vulnerable to malfeasance and crime.These jurisdictions are vulnerable because, by their nature, they tend to manage and store a vast amount of sensitive personal information. Weak links in the online flow of information between an organization, individuals and outsourced work service providers are easily exploitable in places such as Cayman. Moreover, the prevalence of social media platforms in our society today creates an exploitable increase in online public personal data that can be targeted. Businesses in Cayman should create contractual requirements between the organization and any service provider to ensure that their client’s and customer’s personal data is processed only for authorized purposes and that their data is stored and transmitted securely.
What does this mean for local businesses and government agencies? In short, more paperwork. Real estate firms and financial service providers, for example, will have a greater deal of due diligence required when doing business. They will also have to put forth a greater effort to ensure the collection and storage of their client’s information is safe and secure. As more laws such as the Data Protection Law come into being, it will be increasingly difficult for criminals to access and exploit people’s sensitive personal information.
John has been working as an agent with ERA Cayman Islands for 8+ years specialising in high-end real estate, hospitality and property management. Formerly of Vail, Colorado; John has set down his roots in Grand Cayman. John holds a degree in business law from the University of Saint Thomas.