Saint Lucia - Data Protection (Amendment) Act No.2 of 2015

SAINT LUCIA

 

No. 2 of  2015

 

ARRANGEMENT  OF SECTIONS

Sections

 

1.    Short title

2.    Interpretation

3.    Amendment of section 1

4.    Amendment of section 2

5.    Amendment of section 5

6.    Amendment of section 6

7.    Amendment of section 7

8.    Amendment of section 11

9.    Insertion of section 12A

10. Amendment of section 34

11. Amendment of section 37

12. Amendment of section 46

13. Repeal of section 48

14. Amendment of section 54

15. Insertion of section 57A

16. Amendment of section 67

17. Amendment of section 71

18. Amendment of section 72

I ASSENT

 

[L.S.]                                                       PEARLETTE LOUISY,

Governor-General. March 31, 2015.

 

 

SAINT LUCIA


 

No. 2 of 2015

 

AN ACT to amend the Data Protection Act, No. 11 of 2011.

 

[ 13th April, 2015 ]

 

BE IT ENACTED by the Queen’s Most Excellent Majesty, by and with the advice and consent of the House of Assembly and the Senate of Saint Lucia, and the authority of the same, as follows:

Short title

1.   This Act may be cited as the Data Protection (Amendment) Act, 2014.

 

Interpretation

2.   In this Act, “principal Act” means the Data Protection Act, No.11 of 2011.

 

Amendment of section 1

3.  Section 1 of the principal Act is amended by -

(a)      deleting subsection (2) and by substituting the following - “(2) Subject to subsection (3), this Act shall come into force on a date to be fixed by the Minister by Order published in the Gazette.”; and

(b)    by inserting immediately after subsection (2) the following new subsection –

“(3) The Minister may fix different dates for the coming into force of different Parts or sections of this Act.”.

 

Amendment of section 2

4.  Section 2 of the principal Act is amended by-

(a)      deleting the definition of “data controller” and by substituting the following -

““data controller” means a person who, either alone or with others, determines how personal data is processed;”; and

(b)    inserting the following definition in its correct alphabetical sequence –

““privacy impact assessment” means an assessment that is conducted to determine if a proposed enactment, system, project, programme, activity or other function meets the requirements of the Data Protection Principles in Schedule 2;”.

 

Amendment of section 5

5.  Section 5 of the principal Act is amended by deleting subsection

(2)   and by substituting the following –

“(2) A person shall be qualified to be appointed as the Data Commissioner under subsection (1) if the person has a minimum of six years training or experience in any of the following fields-

(a)     law;

(b)    economics;

(c)     finance;

(d)    information management;

(e)     information and communication technology;

(f)      accounting; or

(g)    human resource management.”.

 

Amendment of section 6

6.   Section 6 of the principal Act is amended in subsection (2) by deleting the word “budget” andby substituting the word “fund”.

 

Amendment of section 7

7.   The principal Act is amended by deleting section 7 and by substituting the following –

“7. The Commissioner shall not hold any other office of employment which is likely toconflict with the discharge of his or her functions as Commissioner.”.

 

Amendment of section 11

8.   Section 11 of the principal Act is amended in subsection (3)

by –

(a)      inserting a full stop immediately after the word “dollars”;  and

(b)     deleting the words “or to imprisonment for a term not exceeding six months or to both.”.

Insertion of section 12A

9.  The principal Act is amended by inserting immediately after section 12 the following new section -

Privacy impact assessment

12A. (1) The Commissioner may require a department of government to prepare a privacy impact assessment if the initiatives covered by the privacy impact assessment are of a wide scope, or use personal data of a nature that may require the protection of the personal data of an individual.

(2)       A privacy impact assessment shall be in the prescribed form and shall be submitted to theCommissioner for approval.

(3)  Where a privacy impact assessment is submitted in accordance with subsection (2), theCommissioner shall evaluate the privacy impact assessment in accordance with the Data Protection Principles set out  in Schedule 2 and where necessary, make recommendations to the department of government for revision and amendment of the privacy impact assessment.

(4)   A privacy impact assessment approved by the Commissioner shall be implemented by the department of government in the manner directed by the Commissioner.”.

 

Amendment of section 34

10.  Section 34 of the principal Act is amended in subsection (5)

by –

(a)     inserting a full stop immediately after the word “dollars”;  and

(b)     deleting the words “or to imprisonment for a term not exceeding six months.”.

 

Amendment of section 37

11.  Section 37 of the principal Act is amended –

(a)      in subsection (1), by deleting paragraph (c) and by substituting a new paragraph (c) asfollows -

“(c) medical research;”; and

(b)     by inserting a new subsection (3) as follows – “(3) Where –

(a)      an enactment specifically governs the processing of sensitive personal data forhealth purposes; and

(b)     there is an inconsistency between this Act and the other enactment,

that other enactment shall prevail.”.

Amendment of section 46

12.  Section 46 of the principal Act is amended –

(a)      by deleting subsection (1) and by substituting the following -

“(1) A person shall not act as a data controller unless that person is registered as a data controller in accordance with section 47.”;

(b)     by deleting subsection (2) and by substituting the following –

“(2) A person who, without reasonable excuse, acts as a data controller without being registered under this Act, commits an offence and is liable on summary conviction to a fine not exceeding ten thousand dollars.”; and

(c)      by inserting immediately after subsection (2) a new subsection

(3) as follows –

“(3) The Minister may, by Order, exempt a data controller from complying with subsection (1) if the data controller is registered under another Act.”.

Repeal of section 48

13.  The principal Act is amended by repealing section 48.

Amendment of section 54

14.   Section 54 of the principal Act is amended by inserting immediately after subsection (5) anew subsection (6) as follows –

“(6) Where a data controller does not comply with a request made under section 52 by a data subject or relevant person, the data controller shall notify the Commissioner and the data subject or relevant person, of the non-compliance.”.

 

Insertion of section 57A

15.  The principal Act is amended by inserting immediately after section 57 the following new section -

“Employee’s protection

57A. (1) An employer shall not, dismiss, suspend, demote, discipline, harass or otherwise disadvantage an employee or deny that employee a benefit where –

(a)      the employee, on reasonable belief has –

(i)        notified the Commissioner that the employer or any other person has contravened or is about to contravene this Act;

(ii)     done or stated the intention of doing anything that is required to be done in order to avoid having any person contravene this Act; or

(iii)  refused to do or stated the intention of refusing to do anything that is in contravention of this Act;

(b)     the employer believes that the employee will do anything described in paragraph (a).

(2)   Where an employer contravenes subsection (1), an employee is entitled to lay a complaintbefore the Commissioner for determination of the matter.

(3)      Notwithstanding subsection (2), where an employee is dismissed, suspended, demoted, disciplined, harassed or otherwise disadvantaged or denied a benefit in subsection (1), the matter shall be treated as an unfair dismissal in accordance with section 131 of the Labour Act, No. 37 of 2006.

(4)      The Commissioner shall, in conducting deliberations or hearings in relation to an investigation in private under section 28, exempt an employee who acts in accordance with subsection (1)(a) from making further representations on any contravention of this Act.”.

 

Amendment of section 67

16.  The principal Act is amended by deleting section 67 and by substituting the following –

 

“67. Personal data that is processed by an individual is exempt from the provisions of this Act where such processing is done solely for a purpose related to the personal, family or household affairs of that individual.”.

 

Amendment of section 71

17.  Section 71 of the principal Act is amended in paragraph (2)

(a)   by –

(a)     inserting a full stop immediately after the word “dollars”;  and

(b)     deleting the words “or to imprisonment for a term not exceeding six months or to both.”.

 

Amendment of section 72

18.  Section 72 of the principal Act is amended in paragraph (a)

by–

(a)     inserting a full stop immediately after the word “dollars”;  and

(b)      deleting the words “or to imprisonment for a term not exceeding six months, or to both.”.

 

Passed in the House of Assembly this 10th day of March, 2015.

 

PETER I. FOSTER,

Speaker of the House of Assembly.

 

 

Passed in the Senate this 12th day of March, 2015.

 

CLAUDIUS J. FRANCIS,

President of the Senate

 

Previous

Saint Lucia - Data Protection Act 2011
Next

Sint Maarten - Landsverordening-Bescherming-Persoonsgegevens (Nederlands)