While the very mention of the subject of personal data protection might elicit more than a few yawns from the regulars down at your local pub, this time it will be worthwhile to take notice of the latest consultation document issued by Government on the subject.

The consultation is on proposed legislation that would provide general regulations on protecting personal data from misuse.

Once the legislation is passed it would give Bermuda residents certain rights on how their personal data is handled, stored and distributed, whether electronically or by other means.

The legislation is therefore broader in scope than the data protection Standard for Electronic Transactions, which falls under the Electronic Transactions Act of 1999, which applies only to electronic commerce service providers.

Local industry experts now admit that the Standard for Electronic Transactions is too narrowly drawn. The ministry's Green Paper, ‘The Second Wave', published in February this year, also recognised that it got the process slightly backwards and needed a general data protection law. The committee was established in February, 2003 and has now published its report.

“The data protection legislation should apply to the ‘fair' and ‘lawful' processing of all personal data carried out on the territory of Bermuda, whether electronically transmitted or otherwise; whether by business or Government,” the consultation document states. “The legislation should not be drafted to cover personal data of natural persons in the course of a purely personal or household activity, as well as it should not cover personal data that is processed for the purpose of public security, defence or national security.”

A data protection agency would be established as the regulator to ensure that companies comply with the data protection requirements. Make no mistake the main impetus for the legislation remains, as usual for Bermuda, firmly grounded in business concerns and not in any altruistic desire to protect individual privacy, though that aim would be the end result of any legislation.

Under current legislation personal data held by most businesses, schools, clubs or other organisations is not protected by Bermuda's laws. We can therefore thank the European Union for helping to bring this shocking state of affairs to the attention of Government.

The main concern of Renee Webb and her Ministry of Tourism, Telecommunications and E-Commerce is how to boost Bermuda's electronic commerce sector, which has not been the hottest thing since the insurance industry discovered the Island existed.

At issue is whether Bermuda's electronic commerce sector might be helped if the Island's data protection laws comply with the European Union's Directive on Data Protection. The directive's sensible rules, now in force, do not allow the transfer of data unless the entity in the third country has signed up to a special contract on data protection and is subject to equivalent data protection laws in its own jurisdiction.

A data transfer may also occur between an EU member and another country in cases where residents have given their explicit permission for their data to be transferred. “This certainly affects Bermuda's businesses,” the consultation noted. “As we do not have equivalent legislation, any company requiring data from the EU is going to have to have signed up to a model contract in advance of the data being transferred. The latter as well as being difficult (these are multi-page documents) and potentially expensive, also places a strict liability on the originating company for any data that might be compromised in any way.

There have already been instances on the Island where international businesses have been adversely affected by not being in a position to handle customer information (such a payroll, etc.) from the European Union.”

But the paper notes that before Bermuda makes a “rush to introduce EU-style legislation” it should consider any harm to the Island's ability to attract non-EU businesses here. Some non-EU companies could use Bermuda as a base for their web-transactions with customers, employees or suppliers and may be concerned if there was legislation that allowed data subjects (that is you and me) access to their personal information, the paper noted.

“Indeed, Bermuda could even stand to gain from an environment where companies came here, with respect to transacting customer or employee data, to escape harsh data protection regimes in their base country,” the committee states. Well bring on some of that “harsh” law I say. Government is finally getting some sort of a consumer protection law, though it only applies to personal data. All I'm saying is that the focus should remain primarily on individual rights to their personal data and not protecting on some business model.

As a brief summing up of issues raised on personal data protection, a subject that will be followed in upcoming columns, are: your rights to your personal data, individual privacy and special protection for information held on minors. Another issue addressed by the consultation relates to the rights of employees in ensuring the privacy of their personal e-mails or other communications they make at work. All hugely controversial issues that should be the subject for heated debate, even if they cause a few people yawn. A public meeting is planned for November 10.

The consultation document is due to be published on Government's website within a few days. For now, you can access the Green Paper and other documents and legislation at www.mtec.bm/htmls/e-commerce.

Don't hesitate to send me your thoughts at editoroffshoreon.com

@EDITRULE:

Tech Tattle deals with issues in technology.