Bob Siegel Highlights Layers of an Effective Compliance Cycle at UTech, Jamaica International Data Protection Symposium

Bob Siegel Highlights Layers of an Effective Compliance Cycle at UTech, Jamaica International Data Protection Symposium

(L-R) Sharing a photo moment during the staging of the UTech, Jamaica International Data Protection Symposium on Tuesday, January 28, 2025 at the Papine Campus are Pro-Chancellor, Mr. Aldrick McNab, Dr. Kevin Brown, President, Miss Celia Barclay, Information Commissioner, Mr. Bob, Siegel, President and Founder, Privacy Ref, Dr. Nadine Maitland, Senior Lecture, School of Computing and Information Technology along with Data Protection Officer, Mr. Andray Lawrence and Mr. Godfrey Sterling, Head, Jamaica Cyber Incident Response Team, Office of the Prime Minister.


Global data protection expert and President and Founder of Privacy Ref, Bob Siegel,  urged local leaders to  establish a structured “compliance cycle” within their organizations to safeguard client data and ensure compliance with Jamaica’s Data Protection Act 2020. Siegel shared this advice as he delivered the keynote address to a capacity audience of leaders from government agencies, academia, public and private sector organizations at the University of Technology, Jamaica’s International Data Protection Symposium on Tuesday, January 28, 2025 at the institution’s Papine Campus. 

The symposium coincided with the observance of Global Data Privacy Day and was hosted under the theme, “Your Privacy Programme and You: Bridging the Gap, Navigating the Next Steps in Data Privacy.” It brought together stakeholders to share strategies for building sustainable programmes under the Data Protection Act.

 

Layers of an effective data compliance cycle

Keynote speaker, Bob Siegel, President and Founder, Privacy Ref delivers the keynote address to the audience at the University of Technology, Jamaica’s International Data Protection Symposium on Tuesday, January 28, 2025 at the institution’s Papine Campus.

In his address Bob Siegel told attendees that an effective compliance cycle “will end up driving your privacy programme” which he highlighted consists of three layers – “policies and procedures, training and awareness and compliance and verification.” He gave the following breakdown for each stage of the cycle.

 

Policies and procedures

Siegel explained that “This is the ultimate starting” of the data compliance regime. It entails:

  • Familiarizing yourself with “regulations, statues and other external factors that are pushing you to do the privacy work.”
  • Becoming acquainted with jurisdictional and industry specific standards, customer and vendor contracts, business and services expectations as well as cultural and national values.
  • Structuring your organization’s data policies making them identifiable with the necessary legislations, statues, industry standards, national and cultural values.

 

Training and Awareness

Siegle noted that training and awareness is a necessary component of the compliance cycle allows for:

  •  Engagement and sensitization of data subjects, data processors and data controllers about the company’s privacy policy.
  • The elimination of the risk of data privacy breach by people, who, without active sensitization and promotion, “don’t read the policies.”
  • The fostering of mutual learning environments where stakeholders can receive feedback and strengthen their privacy policies.


Compliance and Verification

According to Siegel’s model, this final stage of the data compliance cycle tests whether a company’s privacy policy and associated enforcement strategies have met the requirements of jurisdictional and other legislative acts and “is where many organisations drop the ball.”

It entails:

  •  Implementing and enforcing the orginisation’s privacy policy.
  • Employing useful evaluation methods such as attestations, assessments and audits to evaluate the success of the company’s data protection policy and strategies.
  • Analyzing key performance indicators (KPIs) such as breaches, inquiries, complaints along with the number of records held or destroyed, privacy impact assessments (PIA) to determine compliance trends and the effiency of the data protection policy.

 

Corporate Culture and data Privacy

L-R: Engaging in a light conversation ahead of the International Data Protection Symposium on Tuesday, January 28, 2025 at the University of Technology, Jamaica are President, Dr. Kevin Brown, Miss Celia Barclay, Information Commissioner, Mr. Bob Siegel, President, Founder, Privacy Ref and Mr. Aldrick McNab, Pro-Chancellor, UTech, Jamaica.

 

Siegel also encouraged data controllers to consider the kind of corporate culture that exists within their organisations as they aim to establish and enforce meaningful data privacy policies.

He noted that it is essential for the corporate culture to be supportive of the privacy culture.  Therefore, leaders must assess whether there are “different generations that are involved that must work with personal information” in the company.  “Different people of different profiles have different support for your privacy programme” Siegel told the audience. Considering this, he recommended that leaders make room for tweaks in their training and awareness as well as in their implementation and enforcement strategies “to change people’s perspective to forego what they believe about privacy and adopt what the organization believes.” He stated that one of the most effective ways to accomplish compliance is by breaking down laws and regulations into simple transparent requirements starting at a departmental level and in a language that is easily understood. He also highlighted that employees have their own data privacy expectations. As such, departments such as Human Resources must communicate clearly to current staff and prospectives employees how their personal information will be handled from the outset.

 

Data Privacy in Cyberspace  

Noting the ubiquitous nature of data in present time, Dr. Kevin Brown, President, University of Technology, Jamaica shared, “we are fully aware of the need for heightened attention to data privacy in today’s fast-paced information-sharing world. As the nation’s STEM university, we are dedicated to leveraging science technology, engineering and mathematics to tackle societal challenges including data privacy with the aim of reinforcing public trust.”  He added that “Since 2023 with the enactment of the Data Protection Act, we have been at the forefront supporting government to aid understanding and compliance around data privacy.”  And with over 100 employees within the education sector also previously receiving training and certification as Data Protection Officers through a UTech/e-Learning Jamaica partnership, Dr. Brown said there are evolving calls for collaboration with the private and public sector “to ensure that we enhance the data privacy landscape.”  Dr. Brown stated that through the convening of data professionals and other industry experts at the symposium, the university is actively offering solutions to issues such as “identity theft…unauthorized access of information, misuse of personal information and the troubling use of artificial intelligence to manipulate personal images and to misrepresent data.” He called for further collaboration between academia and the public and private sectors to strengthen Jamaica’s data privacy landscape.

Dean, Faculty of Engineering and Computing later invited the attendees to consider UTech, Jamaica for training in various aspects of data privacy compliance.  He noted that the university through the School of Computing and Information Technology is currently looking at offering its Data Protection and Privacy module as a six-week certification course to individuals through the UTechOpen School of Lifelong Learning and Professional Development. He noted that the module looks at topics including policy development and data subjects rights. Professor Thorpe also shared that an Incident Response module is also in the making to be offered as a short course to the public.



Dr. Tameka Benjamin, Assistant Chief Education Officer, Tertiary Education Unit, Ministry of Education, Skills, Youth and Information deliver greetings at UTech, Jamaica’s International Data Protection Symposium on Tuesday, January 28, 2025.

 

Dr. Tameka Benjamin, Assistant Chief Education Officer, Tertiary Education Unit, Ministry of Education, Skills, Youth and Information, shared that the implementation of the Data Protection Act 2020 has set a new benchmark for how educational institutions manage personal information. She noted that the Ministry has developed “a comprehensive approach to data protection across the sector.”  She also stated that the Ministry will soon be launching a public education campaign focused on “demystifying the complexities of data protection for our teachers, our parents and students, ensuring that everyone understands their role in safeguarding personal information.”

 

Implementation and enforcement gaps

While commending the UTech, Jamaica team for doing its part to drive awareness and compliance with the Data Protection Act, Miss Celia Barclay, Information Commissioner, acknowledged that “Jamaica’s Data Protection regime is still in a nascent state.” She announced that the Office of the Information Commissioner will increase its vigilance on implementation and enforcement activities as “data controllers are still, for the most part, not ready for compliance and data subjects remain largely unaware of the DPA and the rights they have under it.”

To address this, Miss Barclay shared that her office will further prioritize education and host sensitization initiatives including a Data Privacy Conference on February 19. Notwithstanding the various sensitization gaps to be filled, Miss Barclay emphasized that “compliance should not be due to fear of enforcement, but rather to a commitment of building trust and maintaining integrity by doing what is right for data subjects and what is required by law.


Mr. Andray Lawrence (right) Data Protection Officer, University of Technology, Jamaica shares his thoughts on current data protection practices in Jamaica during a panel discussion during the International Data Protection Symposium held inside Lecture Theartre 50 at the university’s Papine Campus on Tuesday, January 28, 2025. Other members of the panel (l-r) are: Dr. Patrick Anglin, Data Protection Officer, University of the West Indies, Mr. Bob Siegel, President and Founder, Privacy Ref, Dr. Nadine Maitland, Senior Lecturer, School of Information and Technology, UTech, Jamaica and Mr. Godfrey Sterling, Director, Jamaica Cyber Incident Response Team.

 

During a panel discussion, symposium organizers Mr. Andray Lawrence, Data Protection Officer, UTech, Jamaica and Dr. Nadine Barrett- Maitland Senior Lecturer, School of Computing and Information Technology reinforced the importance of collaboration in data protection. “Privacy is a shared responsibility…you bring people in by saying, we have to protect our company’s reputation” Lawrence stated. Adding that today’s data is “the gold” which everybody needs, Dr. Maitland reminded the audience to “remain vigilant and ensure that we are conforming to the standards and the regulations and try to factor privacy in all of our processes.” She also encouraged attendees to, “ensure that we are aware of what we are supposed to be giving, doing and how our data will be handled.” The panel discussion also included contributions from industry experts Godfery Sterling, Director, Jamaica Cyber Incident Response Team, Dr. Patrick Anglin, Data Protection Officer, University of the West Indies and Mr. Bob Siegel, President and Founder, Privacy Ref.

- END-

Contact:

Michelle Beckford (Mrs.)
Corporate Communications Manager
Corporate Communications Unit
Advancement Division
University of Technology, Jamaica
Tel: (876) 970- 5299
Email: mbeckford@utech.edu.jm