Vaz did not breach data privacy rules re Golding – Morris Dixon Loop Jamaica

The content originally appeared on: Jamaica News Loop News

Cabinet Minister Senator Dr Dana Morris Dixon has said that Transport Minister Daryl Vaz did not breach the country’s data privacy rules to provide information relative to Opposition Leader Mark Golding’s passport applications.

Vaz claimed that he received the information from persons inside the Opposition People’s National Party (PNP).

A public row has emerged over recent days relative to the British citizenship of Golding and whether it is appropriate for a leader in such a high office in Jamaica to hold dual citizenship.

The issue escalated on Tuesday with the PNP accusing Vaz of improperly accessing Golding’s private data that is stored at the Passport, Immigration and Citizenship Agency (PICA).

The PNP further claimed that this, (if so), could be a major breach of Jamaica’s new Data Protection Act (DPA).

The PNP in a press release, claimed that Vaz, during a media interview, offered details on Golding’s passport applications and other immigration-related information.

Vaz, on his official X, formerly Twitter, page, has since said that his “source is from deep within the belly of the PNP.

“But, like good journalists, good politicians never call the names of their trusted sources,” added Vaz.

In a newspaper article on Wednesday, Vaz reportedly further responded about the accusations that have been levelled against him by the PNP, and was quoted as saying “Nothing is private or secret” regarding information on public officials.

When asked whether Vaz’s comments could undermine Jamaica’s DPA, Morris Dixon was adamant that the minister did not breach any data privacy rules.

Opposition Leader Mark Golding (left) and Cabinet Minister Daryl Vaz (right).

Morris Dixon, the Minister without Portfolio in the Office of the Prime Minister (OPM) with responsibility for information, skills and digital transformation, is tasked with overseeing the implementation of the DPA.

“We have done a lot of work in promulgating the Data Protection Act, and that was coming out of listening to the people of Jamaica who had legitimate concerns about the privacy of their data,” said Morris Dixon.

She noted that last week in the Senate, she spoke about the Government’s commitment to implementing, on a phased basis, the DPA, beginning on June 1.

“So, I think it is very clear in terms of our action, and also in terms of our utterances, that (there is) strong, deep commitment to data privacy.

“… And I think in the matter that you have raised, he (Vaz) was very… publicly clear, at least on social media, that the information that he received came from a member of the Opposition party,” Morris Dixon stated.

“We have not seen a breach of data in this instance. I believe what he (Vaz) may have been saying when he said that, ‘Nothing is secret,’ is that when you are a public official, there (are) always people who know things about you, and there (are) always people who for whatever reason, may pass information on you,” she posited.

Further, the minister contended that “there is no way” that Vaz would be saying that it is “okay” to breach data privacy because he was the minister who had oversight for the DPA before it came to OPM.

“So, he’s (Vaz) very seized of the rules, and I have no doubt that he would not have tried, in any way, to breach the data privacy rules, because he has been such a critical part of promulgating those rules,” Morris Dixon insisted.

“It’s important that when we have these kinds of discussions, that we don’t build on that low trust environment situation that we have,” she warned.

Meanwhile, the minister said the Government has spent “a lot of money” on data protection and data privacy, and so, no Government entity will be exempt from the Act.

Jamaica’s DPA provides various penalties for non-compliance with the data protection standards and other breaches of the act. These include both fines and imprisonment, which vary depending on the severity of the offence or impact of the breach.

The penalties are imposed on the data controller who is given the obligation of protecting data subjects’ personal data, not on the data protection officer who is tasked with monitoring the controller’s compliance with the DPA.