DLA Piper Intelligence

Data Protection
Laws of the World

Law

Cayman Islands
Cayman Islands

There is no legislative framework currently in force in the Cayman Islands that specifically addresses issues of data protection. The Data Protection Law, 2017 (the Law) was passed by the Legislative Assembly of the Cayman Islands on March 27, 2017, but this and any regulations issued under it are not expected to come into force until some time in January 2019. The precise date the Law will come into force will be set by Cabinet Order.

Notwithstanding the lack of data protection legislation in force, the Cayman Islands does recognise a duty of confidentiality in certain circumstances, under both the common law and, implicitly, the provisions of the Confidential information Disclosure Law 2016 of the Cayman Islands (the CIDL). The CIDL functions primarily to enumerate a non-exhaustive list of instances in which disclosure may lawfully be made. The CIDL also repeals the previous Confidential Relationships Preservation Law (as revised) of the Cayman Islands, which regulated disclosures of confidential information by professional persons and provided, among other things, for criminal sanctions for certain breaches of confidentiality on an extra-territorial basis.

Last modified 27 Apr 2018
Law
Cayman Islands

There is no legislative framework currently in force in the Cayman Islands that specifically addresses issues of data protection. The Data Protection Law, 2017 (the Law) was passed by the Legislative Assembly of the Cayman Islands on March 27, 2017, but this and any regulations issued under it are not expected to come into force until some time in January 2019. The precise date the Law will come into force will be set by Cabinet Order.

Notwithstanding the lack of data protection legislation in force, the Cayman Islands does recognise a duty of confidentiality in certain circumstances, under both the common law and, implicitly, the provisions of the Confidential information Disclosure Law 2016 of the Cayman Islands (the CIDL). The CIDL functions primarily to enumerate a non-exhaustive list of instances in which disclosure may lawfully be made. The CIDL also repeals the previous Confidential Relationships Preservation Law (as revised) of the Cayman Islands, which regulated disclosures of confidential information by professional persons and provided, among other things, for criminal sanctions for certain breaches of confidentiality on an extra-territorial basis.

Last modified 27 Apr 2018
Definitions

Definition of personal data

There is no definition of "personal data" contained in any legislation currently in force.

At common law, information is generally to be regarded as "confidential" if it has a necessary quality of confidentiality and has been communicated or has become known in such circumstances as give rise to a reasonable expectation of confidence; for example if obtained in connection with certain professional relationships, if obtained by improper means, or if received from another party who is subject to a duty of confidentiality.

Definition of sensitive personal data

There is no definition of "sensitive personal data" contained in any legislation currently in force.

Last modified 27 Apr 2018
Authority

There is currently no "Data Protection Authority" in the Cayman Islands. However, when the Law comes into force the Information Commissioner, for the purposes of the data protection regime, will be the person appointed under section 35 of the Freedom of Information Law (as revised), who at present primarily addresses freedom of information issues in the Cayman Islands.

Last modified 27 Apr 2018
Registration

Not applicable for this jurisdiction (see National Data Protection Authority section).

Last modified 27 Apr 2018
Data Protection Officers

There is currently no requirement to appoint a data protection officer.

Last modified 27 Apr 2018
Collection & Processing

There are no statutory provisions currently in force that specifically address the collection and processing of personal information.

At common law, however, it is generally a breach of confidence to misuse or threaten to misuse confidential information. The concept of "misuse" is a broad one, but will often include any unauthorised disclosure, examination, copying or taking of confidential information. The precise scope of the term however will depend largely on the specific circumstances, including the relevant relationship and the nature of the information.

In the context of confidential information received by a professional person in the context of a professional relationship with a principal, the CRPL provides that a person is guilty of a criminal offence where he or she "clandestinely, or without the consent of the principal, makes use of" any confidential information for his or her benefit or the benefit of another.

Last modified 27 Apr 2018
Transfer

Absent a breach of an obligation of confidentiality at common law, there is no specific statutory regulation of the transfer of information from or within the Cayman Islands. For entities regulated by the Cayman Islands Monetary Authority (CIMA), the latter has issued guidance in relation to the outsourcing of core functions by regulated entities to third party service providers that impacts on the transfer, storage and processing of customer confidential information.

Last modified 27 Apr 2018
Security

There are no statutory provisions in force mandating that specific measures be taken to protect against or prevent disclosure or other unlawful use of confidential information. However, a person who misuses or divulges confidential information (deliberately or otherwise) may be liable at common law or under the CRPL.

Last modified 27 Apr 2018
Breach Notification

There are no general requirements to notify any authority or any other person of a breach of confidentiality.

Last modified 27 Apr 2018
Enforcement

A breach of the common law duty of confidentiality may give rise to a claim for, among other things, damages and/or an injunction. These remedies are to be sought through, and enforced by, the courts of the Cayman Islands.

Last modified 27 Apr 2018
Electronic Marketing

There are no specific restrictions addressing the use of confidential information in electronic marketing beyond those generally applicable to the use of confidential information.

Last modified 27 Apr 2018
Online Privacy

There are no specific restrictions addressing online privacy of confidential information beyond those generally applicable to the use of confidential information.

Last modified 27 Apr 2018
Contacts
Nick Bullmore
Nick Bullmore
Partner
T +1 345 749 2000
Graham Stoute
Graham Stoute
Counsel
T +1 345 749 2014
Elaine Gray
Elaine Gray
Partner
T +44 1481 72 72 72
Last modified 27 Apr 2018