Data Protection (Jersey) Law 2005
On December 1st 2005 the Data Protection (Jersey) Law 2005 came into force, bringing
The new law is wider in scope than the 1987 legislation and, for the first time, will include some "manual" records. The prime purpose of the new Data Protection Law is:-
- to safeguard the rights of individuals with regard to their personal information which may be held, stored or processed about them;
- to establish legally enforceable criteria that must be met before any holding or processing of personal information can commence;
- to ensure that organisations and individuals holding or processing such information notify with the Data Protection Authority, declaring the purposes for which the information is being held or processed, to whom it will be disclosed and the security measures to be applied;
- to ensure that organisations and individuals hold and process personal information that is accurate, up to date and only used for the purposes that are described in their notification details to the Data Protection Authority;
- to establish a supervisory authority that can act with independence in exercising the statutory powers entrusted to them by Law.
All firms that store data about other people – even companies that do not need to notify their activities to the Commission – must adhere to eight basic principles of good practice. Any personal data, however it is processed must be:
- Fairly and lawfully processed.
- Processed for limited purposes.
- Adequate, relevant and not excessive.
- Accurate and up to date.
- Not kept longer than necessary.
- Processed in accordance with the individual’s rights.
- Kept secure.
- Not transferred to countries outside the European economic area, unless that country has adequate protection.
The new law also gives individuals certain rights, including:
1. The right to find out what information is held about you on computer and in some paper records (the right of subject access).
2. The right to find out what credit reference agencies report about you and to correct mistakes on such reports.
3. The right to take steps to prevent your personal data being processed if the processing is likely to cause you or someone else to suffer substantial damage or substantial distress which is unjustified.
4. The right to require the data controller not to use your personal data to market you with products, services or ideas.
5. Sometimes individuals or organisations will use a computer to process information about you, in order to take a decision that will affect you e.g. an employer who uses computer scoring of job applications to decide who to interview. In some circumstances you have the right to prevent decisions being taken about you which are based solely on automatic processing.
6. If the data controller is processing inaccurate information about you, you have the right to request that information be amended or destroyed.
7. If you have suffered damage and distress as a result of a data controller failing to comply with the Law you have the right to claim compensation from the data controller.
8. The right to take legal proceedings against a data controller where a solution cannot be reached by writing to the data controller.
The Data Protection Commissioner, Emma Martins, and her team are available to give advice (telephone 502064) and their website http://www.dataprotection.gov.je/ gives a great deal of useful information and guidance on the Law.