It feels like the right time to bolster Barbados’ existing regulatory platform which guides a healthy domestic and international financial services sector.

Sound privacy legislation provides protection, consistency, controls and supervision while advancing the stability of the financial system.

Shouldn’t we all naturally be concerned about how our personal information will be maintained? Have you paused lately and asked yourself – is my information safe and secure, and who can get access to it?

Consent within privacy legislation is a key issue as it controls how commercial businesses may or may not obtain and use your personal information. What is most important here is that express consent is needed before your information can be “re-used” for another purpose. For example, if you buy an automotive part, the seller should not be able to turn around and share your information with an insurance company so that it can market to you.

The Foreign Account Tax Compliance Act (“FATCA”) is now in force: a mammoth information dragnet requiring the exchange of information between countries to ensure tax obligations are met. This means yet more financial and personal information floating about. It may be transmitted over various channels, reported to other agencies (BRA & IRS) and retained on file for at least 6 years.

Let’s look at the bad things that can happen with your information. How many large-scale data breaches have we learned about in the media in the last several years? You may recall hearing the stories or at least recognize some big names, such as:

  • eBay – 145 million records
  • Heartland Payment Systems – 130 million records
  • Target Stores – 110 million records
  • Sony Online Entertainment – 102 million records
  • JP Morgan Chase – 76 million records
  • Epsilon – 60 to 250 million records
  • Home Depot – 56 million records
  • Adobe – 36 million records

It just takes one slip!

Yet, without proper guidance and requirements in Barbados, it is unclear how the affected parties would fare if there were to be a cyber-security risk or breach here.

Furthermore, it is one thing to be proactive and implement preventative controls. However, it is just as important that the reactive procedures and controls be well-established and designed to act with speed and importance, and to notify affected parties. In many developed jurisdictions, these requirements are spelled out in legislation and guidelines.

While not everyone is a proponent of more rules to follow, when it is the right piece of legislation it lends stability and credibility to the nation. It does not need to be long or onerous; it purely needs to be effective.

Why comply? A data breach is a potentially huge hit to your organization’s reputation.

The following is a sample of countries that have enacted legislation to govern data protection:

  • Bahamas
  • Australia
  • Costa Rica
  • United Kingdom
  • Curacao
  • Canada

If you are setting up a business in Barbados, you want to know that your information is stored in a confidential and secure manner, both for yourself and your clients.

Sound privacy practices, confidentiality and data management are good business.

About the Author

Glenna Smith

Glenna Smith is Managing Director of Smith Compliance Consulting (SCC) Inc. in Barbados as well as a Certified Anti-Money Laundering Specialist and the Vice-President of the Barbados Association of Compliance Professionals. Glenna is a member of the worldwide AML Training faculty for a Global Bank, facilitating interactive training sessions for staff on the importance of fighting financial crime. Glenna has worked as a Compliance Officer facing regulators and managing inspections. She has gained wide and in-depth knowledge in compliance, operational risk, corporate governance and legislative matters over 28 years in the financial services sector. Glenna has authored a number of articles on AML, Governance, FATCA and Privacy and speaks regularly at conferences regionally and internationally.