Your personal data is an invaluable asset that can easily fall into the wrong hands, particularly when it is in electronic form. It is important to realise that even when you just click on a Google search result, a Facebook status, or order an item on Amazon you are generating data about yourself. There are two basic risks. The first is that hackers may attempt to steal your information from a database held by a business or public authority. The second is that it may be on a device that is inadvertently lost. Fortunately, we have new legal rights and protections under the Data Protection (Jersey) Law 2018 that specifically address the risks to our privacy lurking in our current highly digitised world. The new law gives us more control over our personal information that government and business hold.
If you are unsure of what information a business has about you, you have a right to ask to see it. If you do not like how a business is treating you or your information, you can take all of your information from them and give it to another business. You also have a right to have your personal information deleted. This has helped some people to get their information removed from the internet. For those of you who do not like computers making decisions about you, the law gives you the right to object to automated-processing of your personal information. You can also object to the use of your personal data for direct marketing or historic or scientific purposes. In addition, to keep your health information out of the hands of businesses, the law nullifies any contracts that require you to supply your health care record.
If you need help exercising these legal rights, contact us at the Jersey Office of the Information Commissioner. Our role is to ensure that government and businesses follow the law. We have the power to investigate and resolve complaints from individuals regarding the processing of their information.
These legal remedies and protections are one method of protecting your information. As individuals, we can also take simple yet effective steps to keeping our personal information safe. We recommend that everyone take the following advice to avoid identity theft, financial loss and emotional trauma. My team and I at the Office of the Information Commissioner recommend that you:
It is also important to destroy securely any paper documents that contain your personal information. Even something as apparently innocuous as an airline-boarding pass contains a personal identifier that is linked to other personal information on an information system, including passengers’ names, the contact data of a person who booked the flight, date of birth, passport data and payment information (like a credit card number).
In conclusion, if you want to keep your personal information safe, you need to be your own information commissioner. That is to say that you should be aware of how government and businesses are processing your personal data. You should question them when you think they are collecting more data than you think they need, or when they using or disclosing your data for purposes to which you did not consent. The new law gives you rights to hold them to account. Make sure you understand those rights and exercise them when necessary.