News

  • Four non-executive directors appointed to the Data Protection Authority Board

    Jersey’s Data Protection Authority has announced the appointment of four outstanding non-executive directors to the board overseeing Jersey’s Office of the Information Commissioner (JOIC).

    The appointments include Clarisse Girot, who brings significant expertise and experience working in the field of data protection and privacy regulation in Europe and Asia as well as cross boarder data flows, Dr David Smith who formerly served as Deputy Information Commissioner to the UK Information Commissioner’s Office, Gailina Liew, who has expertise in ethical implications of new technologies, and John Harris, a local financial professional with exceptional experience of both public and private sector organisations.

    Chair of Jersey’s Data Protection Authority, Jacob Kohnstamm, said: ‘I am grateful and proud that these highly-qualified individuals are keen to join our team to help guide the JOIC in facing the challenges of Brexit and achieving EU adequacy.’

    The board has been formed as the JOIC transitions towards greater independence from the States of Jersey, in line with requirements of the European Data Protection Regulation – GDPR. The board will support the local office whilst holding it to account, having financial and strategic oversight. It will contribute to ensuring that the Island retains its EU adequacy status with a free flow of data.

    The Chief Minister, Senator John Le Fondré, has signed a ministerial decision to appoint the new members of the board. There is a two-week notification period during which the States Assembly has the power to amend the decision.

    The new appointments will be made official after the two-week period and will take up a three-year term of office on Monday, 29 October 2018.

    Jersey’s Information Commissioner, Jay Fedorak, said: ‘These individuals are highly-qualified and well-respected by their peers on the Island and internationally. They bring complementary skills and expertise in data protection internationally, as well as knowledge of Jersey, its culture and its economic sector. I am confident that together we will promote effective and efficient data protection for the people of Jersey.’

    Read more >
  • Information Commissioner urges business owners and employees to uphold the data privacy rights of data subjects

    In light of the recent incident involving the former police officer who breached data protection laws by misusing police computer systems, Jersey’s Information Commissioner urges business owners, public authorities and their employees to ensure that they respect the data privacy rights of individuals.

    Commissioner Jay Fedorak said: ‘When employees inappropriately access personal data on electronic systems intended only for legitimate purposes, such as law enforcement, health care, drivers licencing and other public services, the threat to personal privacy, dignity and well-being can be significant. It is a betrayal of public trust and can undermine public confidence in our institutions.’

    ‘It is crucial that citizens can entrust companies, organisations and public agencies across the island to keep their personal information secure. Data protection laws help ensure that there are appropriate legal protections and remedies against the mishandling of our personal data, which poses substantial risks  in today’s highly-digitised world.’

    ‘Since the law changed on 25 May, local businesses and organisations must comply with higher data protection standards. I would encourage all businesses to develop and implement an effective plan to ensure compliance.’

    Additional information

    To maintain trust and to comply with the Data Protection Jersey Law there is no escaping the following fundamentals;

    • staff training
    • policies and procedures to ensure data security and confidentiality
      • subject access policy and procedures
      • policies on the use of CCTV equipment
      • privacy policies and fair processing statements
      • retention and destruction policies
    • appropriate safeguards for the rights of data subjects
    • register with the Office of the Information Commissioner
    • establish a breach reporting mechanism

     

     

     

     

    Read more >
  • OIC celebrates International Right to Know week

    As part of international Right to Know week, the Office of the Information Commissioner (OIC) is calling on islanders to understand the role they play in promoting a healthy democratic government by being able to hold public authorities more accountable to the public.

    Right to Know week celebrates access to information under the Freedom of Information Law. It aims to make public authorities more accountable by providing the public with a fundamental legal right to obtain copies of records that public authorities hold, or other agencies hold on behalf of public authorities, and that the right information in those records is disclosed.

    ‘We all have a right to obtain information we need to make sound and informed decisions and political choices. Globally, we live in an era of ‘fake news’, communications spin and social media manipulation, and the public’s trust of public authorities in many jurisdictions is low. An active and engaged citizenry with an effective regime of access to information promotes better public policy-making and improves public trust. It is vital that everyone is aware of our right to access important information that affects our daily lives,’ said Information Commissioner Jay Fedorak.

    Jersey’s Freedom of Information law is safeguarded by the Office of the Information Commissioner, which has legal powers to enforce public authorities to comply with the law.

    ‘Public officials are more thoughtful and careful when they are aware that their words and deeds may be subject to public scrutiny. Therefore, to ensure real accountability that will preserve and improve the democratic system of government we all cherish, it is essential that we have a well-regulated system of public access to records of significance. The Office of the Information Commission has an important role to play in helping public agencies to apply the correct interpretation and to confirm to applicants whether they have done so, either in whole or in part,’ added the Commissioner.

    In Jersey, public agencies must make every reasonable effort to respond openly, accurately, completely and without delay. The Freedom of Information law stipulates that public agencies must respond to requests within 20 working days, barring specified exceptional circumstances. Any delay beyond that limit is prejudicial to the interest of the applicant and constitutes a contravention of the law. They must also make an accurate and complete response. However, the law recognises that it is in the public interest that certain information remain confidential or secret.

     

    Read more >
  • OIC to move offices

    The Office of the Information Commissioner (OIC) will move to temporary serviced offices on Wednesday 1st August.

    The OIC’s new address will be:

    Office of the Information Commissioner
    One Liberty Place,
    Liberty Wharf,
    La Route De La Liberation,
    St Helier,
    Jersey JE2 3NY

    There will be some disruption to Internet, email and telephone services, which will be kept to an absolute minimum, during the office move. As such, the office will be closed for one day (Wednesday 1st August) during the move. Full service will resume on Thursday 2nd August.

    The OIC’s email address, website and telephone number will remain the same: enquiries@oicjersey.org / www.oicjersey.org / 01534 716530.

    The OIC has grown out of its premises at Brunel House, where the Commissioner’s office has been based for four years.

    ‘The OIC’s new structure came into effect in May, reflecting the change in data protection laws and the increased remit of the OIC. Liberty Place is an interim measure while we secure long-term office space to accommodate our growing team. We hope to move into permanent office space towards the end of 2018 or early 2019, by which time we will already have increased from seven to nine staff.

    ‘The move to new premises is vital as it will enable the OIC to fulfil its role as an efficient and effective regulator, with the capacity to grow as we recruit more specialist employees to meet the extra workload that the General Data Protection Regulation (GDPR) has created.

    ‘We are looking forward to working with the public and businesses to ensure they are aware of their data protection rights and responsibilities,’ Information Commissioner Jay Fedorak affirmed.

     

     

     

     

     

     

     

    Read more >
  • New Information Commissioner for Jersey announced

    Information Commissioner appointed

    The Office of the Information Commissioner has announced the appointment of Dr Jay Fedorak as Information Commissioner. He will take up the post on 2 July 2018.

    Dr Fedorak will be responsible for regulating compliance with Jersey’s data protection and freedom of information laws. He will also represent the Island internationally on these matters.

    Dr Fedorak has 25 years’ experience in administering freedom of information and data protection legislation in the public and private sectors. He brings a wealth of international experience to the post, having served as Deputy Commissioner of the Office of the Information and Privacy Commissioner in British Columbia, Canada, since 2012.

    His appointment strengthens the OIC’s existing leadership team. He will work closely with the Chair, Jacob Kohnstamm, as well as with the Deputy Information Commissioner, Paul Vane, who has served as Acting Information Commissioner since February 2018.

    Mr. Kohnstamm said: “I am very happy with the new team of Commissioner and Deputy Commissioner. We have the best of both worlds in Jay and Paul leading the OIC and we will be able to fulfil our tasks with confidence.”

    The Chief Executive of the States, Charlie Parker, said: “Dr Fedorak brings significant expertise to this important role. I look forward to working with him, as well as with the broader leadership team, to ensure that Jersey remains at the forefront of data protection.

    “I would also like to thank Mr Vane, who has ably led the Office of the Information Commissioner for the last six months and has been instrumental in ensuring that the Office of the Information Commissioner, and the Island in general, has been well prepared for our new data protection regime.”

    Dr Fedorak added: “I am honoured to undertake this extraordinary opportunity at an important juncture for Jersey. I look forward to assisting all organisations in implementing the highest standards of data protection for the people of Jersey in ways that sustain the Island’s economic interests. I also thank Chair Kohnstamm and Mr Vane for their continuing exemplary leadership.”

     

    Read more >
  • Joint statement from the Jersey Financial Services Commission and the Office of the Information Commissioner

    The Jersey Financial Services Commission and the Office of the Information Commissioner have released a joint statement regarding the implications for financial services businesses in Jersey following the introduction of the new Data Protection (Jersey) Law 2018, which comes into effect today.

    The purpose of the statement is to reassure financial services businesses that the new rules are compatible with the JFSC’s regulatory requirements, particularly in relation to the security of personal data. The statement also reaffirms the intention of the JFSC and the OIC to work together in supporting organisations moving forward.

    To read the statement in full, please click here.

    Read more >
  • Acting Information Commissioner calls on business owners to face up to their data responsibilities as GDPR and the Jersey laws come into effect

    The Office of the Information Commissioner’s (OIC) new structure, the new Jersey Data Protection Laws and the General Data Protection Regulation (GDPR) all come into effect today, 25th May 2018.

    Acting Information Commissioner, Paul Vane, has called on all business owners in Jersey to ensure they are aware of their data responsibilities and to lean on the OIC for support. GDPR is the first update to the EU’s data laws since 1995 and it reflects the way that our data is used in today’s world. The local Laws reflect the GDPR principles in requiring greater accountability and transparency of data controllers and providing enhanced rights for individuals in respect of how their personal information is handled.

    ‘GDPR is a transformative piece of legislation and businesses must ensure they comply from today. Monumental changes have happened in the worlds of digital and data over the last 20 years or so and we live in a very different world. This is a turning point for data protection laws. With so many digital channels and technological advances, we provide and create more data than ever before and it’s vital this data is treated with respect.

    ‘The protection of our data and ensuring businesses are using our information in a responsible manner is a huge issue that affects businesses large and small. In particular, we need to ensure that individuals understand that their data is a valuable asset and should not be abused by the organisations they entrust that information with. We also need to ensure that all businesses understand that the information they hold belongs to their customers and they have responsibilities to uphold.

    ‘We acknowledge that many local companies will not be fully prepared for the changes that come into effect today. But what is crucial is that these companies have a robust road map and action plan to meet compliance. This is the start of a new beginning and an opportunity to foster a ‘right first time’ approach with the customer as the focus,’’ said Mr Vane.

    The structure of the OIC has changed to reflect the new data protection laws, forging greater independence for the Commissioner and affording greater powers. As part of the new set up, the Data Protection Authority has also now come into effect. Chaired by Jacob Kohnstamm, the Authority will serve as the interface between the Office of the Information Commissioner and government. This structure creates a clear distinction between the Office and government, and underscores the importance of the independence of the OIC.

    Mr Vane said, ‘The new structure enables the Office of the Information Commissioner to operate with uncompromised independence. This will allow for greater accountability and transparency, and ensure the Commissioner is an effective and efficient regulator. This is vital in being able to successfully conduct our role.

    ‘As part of its significant structural transformation and increased remit, the Office of the Information Commissioner has the power to investigate and, where appropriate, fine businesses for abuse of data. Any fines collected will be reinvested back into the public accounts and we hope, where possible, will be used to improve education and awareness in data protection and the island’s digital development.’

    The new data regulation means that the Office of the Information Commissioner will be busier than ever.

    ‘To ensure we can meet the demands of the new legislation and the extra enforcement and educational aspects of our work, the Office of the Information Commissioner will be increasing in size. This will enable us to take a more proactive stance and increase our capabilities both in terms of education and enforcement,’ added Mr Vane.

    To find out more visit the office website at www.oicjersey.org or call 01534 716530.

    Read more >
  • Breach reporting facility added

    Friday 25th May is fast approaching, and in advance of the implementation of the Data Protection (Jersey) Law 2018, the OIC has added a new section on the website home page specifically for breach reporting.

    The online form can be used to submit a breach report, and any follow up information can be sent to us using the breach@oicjersey.org email address.

    To view the form and relevant guidance on breach reporting, please click here.

     

    Read more >
  • UPDATE: Guidance and resources added to OIC website

    As part of its programme of transition to the new GDPR era, the Office of the Information Commissioner has today added the first tranche of guidance, resources, and useful links to its website, together with all the new legislation applicable from 25th May this year.

    We will of course be adding to this page over the coming months, so please keep an eye on any changes. in the meantime you can find the new materials here.

    Read more >