DATA PROTECTION IN TCI
Aside from a passing reference to data protection in the Electronic Transactions Ordinance (see below), TCI has no data protection statute. However, a number of other areas of local law are applicable or, in the context of the advice sought, ought to be considered in relation to data protection, confidentiality, and privacy matters. In that respect:-
a. Data protection, privacy, and confidentiality at common law
TCI is a British Overseas Territory and is a common law jurisdiction. Except where local statutes dictate otherwise, or where the case law concerned relates to the interpretation of statutes which do not apply in TCI, the TCI court will follow English court precedent. To that extent, common law regarding rights to confidentiality apply in TCI.
Therefore following Coco v. A N Clark (Engineers) Ltd [1969] R.P.C. 41, an individual would have an action for breach of confidence in TCI in the case of unauthorized disclosure of information where (i) the information is confidential in quality; (ii) was originally imparted to the discloser so as to import an obligation of confidence; and (iii) there is unauthorized use of that information to the detriment of the party communicating it.
Those tests were refined in Attorney General v. Observer Ltd [1990] 1 A.C. 109 such that (i) once information has entered the public domain it can no longer be protected as confidential, (ii) the duty of confidence applies neither to useless information nor to trivia; and (iii) the public interest in the preservation of a confidence may be outweighed by a greater public interest favouring disclosure. In relation to detriment, it may be a sufficient detriment to the consider if the information given in confidence was disclosed to a person whom the confider would prefer not to know if it even though the disclosure would not be harmful to him in any positive way.
b. Turks and Caicos Island Constitution
TCI has a written constitution. Having been introduced only in 2011, it has not been the subject of any reported relevant judicial analysis.
Part I of the Constitution deals with fundamental rights and freedoms of the individual. Article 9 stipulates (subject to certain carve outs which are not material here) that “every person has the right to respect for his/her private and family life, his/her home and his/her correspondence and except with his/her own consent, no person shall be subjected to the search of his/her person or his/her property or the entry by others on his/her premises.”
Taking a broad view, this may imply a right to the non-disclosure of personal data without consent. There has been no reported judicial interpretation of the article and so it is not possible to say what view the courts may take of the article in the context of personal data. However, in an abundance of caution, it would be prudent to obtain consent prior to any disclosure so that it is not unauthorized.
c. Confidential Relationships Ordinance
TCI’s Confidential Relationships Ordinance imposes statutory obligations of confidentiality regarding confidential information with respect to business of a professional nature which arises in or has brought into the Islands, and to all persons who come into the possession of such information (Confidential Relationships Ordinance, section 3(1)). Section 2 of the Ordinance defines “business of professional nature” as including “the relationship between a professional person and his principal, by whatever term the latter may be described, and also the relationship between a bank and a customer of that bank”.
The same section defines a “professional person” as including “an accountant, an attorney (or other legal practitioner by whatever name called), a broker or other kind of commercial agent or advisor, a bank or other financial institution, any public officer or other Government officer or employee and such persons as may be prescribed as being professional persons for the purposes of the Ordinance…” No other persons, or categories of persons, have been so prescribed under the Ordinance.
The whole thrust of the legislation relates to banking and business professionals and it is not relevant outside that arena.
d. Employment Ordinance
TCI has significant employment legislation and regulations designed to protect the interests of employees. However, the Ordinance relates primarily to hiring, firing, vacation entitlement, disciplinary procedures, selection for redundancy, permitted deductions from employees’ salaries, and matters of that ilk. It does not contain specific and material provisions relating to the non-disclosure of information regarding an employee. To the extent that an employer is part of a group of companies whose group data protection regime includes information regarding the TCI group member’s employees, we recommend that, in an abundance of caution, the employer’s TCI employment contracts ought to include a provision giving employee consent to the disclosure of information pertaining to the employee to other members of the employer’s group.
e. Electronic Transactions Ordinance
TCI’s Electronic Transactions Ordinance allows the Governor to make regulations prescribing standards for the processing of personal data, whether or not the personal data originates outside TCI. However, no such regulations have so far been made.
Article by Owen Foley
Misick & Stanbrook
September 2014
Click here to download a copy
The information provided in this article does not constitute legal advice and is not intended by the authors or Misick & Stanbrook to do so. Before relying on any information or opinion in this article you ought first to obtain advice on your particular circumstances from your Misick & Stanbrook professional.