Jersey's government found to have breached data protection law again

Of the four biggest breaches investigated by Jersey's Information Commissioner, three have been at government departments. Credit: ITV Channel

Jersey's government has been found to have breached the island's data protection law again.

The Information Commissioner has issued a public statement criticising the Customer and Local Services department after an islander complained about how their request for personal information was dealt with.

Since the data protection law was brought in 2018, the commissioner has only publicly commented on four serious failings - three of those were by the government.

Under the law, islanders have a right to know what information organisations hold about them.

In this case, the JOIC said the government was too dismissive of the person who asked for their information, took too long to respond, incorrectly redacted details, and was unable to locate all the information required.

The commissioner also said the staff dealing with the request weren't properly trained, and the government didn't have appropriate systems in place.

What rights do people have when it comes to their personal information?

Under the island's data protection law, organisations have to use information lawfully, fairly and transparently. People also have the right to see what information organisations hold about them, and to have it corrected, erased, or limit how it is used.

You can find more about your rights on the JOIC website.

Commenting on the latest breach, Anne King - the JOIC's Operations Director said: "This department has a “touch point” in every islander’s life and holds personal information about all islander’s lives - including health, education, business, and taxes"

She added that if the breach had happened at a private business, a "significant fine" would have been handed down.

However, under the island's data protection law, financial penalties cannot be imposed on public authorities - including the government.

Ian Burns, the Chief Officer at Customer and Local Services said: "We take our Data Protection responsibilities seriously and it is very disappointing that we have not handled this customer’s subject access requests correctly.

"I have apologised to the customer personally.  We have co-operated fully with the Jersey Office of the Information Commissioner regarding this complaint and have taken immediate action to improve our service for subject access requests in accordance with their recommendations."

Want a quick and expert briefing on the biggest news stories? Listen to our latest podcasts to find out What You Need To Know...