Running a Compliant Business
How to Secure Personal Data
Practical, low-cost security steps any Jamaican business can take to meet the Act's security standard.
What you will learn
- What the security standard requires
- Practical, low-cost steps to protect data
- How to reduce the damage if something goes wrong
- Where most small businesses are exposed
Overview
The Act's seventh standard requires you to keep personal data secure against loss, damage, and unauthorised access. The good news is that most effective security comes from straightforward habits, not costly technology. This module gives you a practical starting point.
Why this matters
Security is where data protection most often fails, and where the harm is greatest. A lost laptop, a shared password, or a misconfigured cloud folder can expose hundreds of people. Strong basics protect your customers and your business.
What the law says
The seventh standard (in the security provisions of the Act, sections 22 to 31) requires appropriate technical and organisational measures to protect personal data. "Appropriate" scales with the sensitivity of the data and the harm a breach could cause, so a clinic should do more than a corner shop.
Practical steps
Control who can access data
- Give each person access only to what their role needs.
- Remove access promptly when someone leaves.
- Use individual logins, never shared accounts.
Protect devices and accounts
- Use strong, unique passwords and a password manager.
- Turn on two-factor authentication wherever it is offered.
- Encrypt laptops and phones, and lock screens when away.
Protect data in transit and at rest
- Avoid sending personal data in plain emails or messaging apps.
- Use reputable, secured cloud services and check their settings.
Back up safely
- Keep regular backups, and make sure they are protected too.
- Test that you can actually restore from them.
Reduce the damage if something goes wrong
Good security also means limiting harm when an incident happens. Encryption, least-privilege access, and reliable backups all shrink the impact of a breach. Pair them with the plan in What to Do If You Have a Data Breach.
Common mistakes
- Sharing one login across the team.
- Storing sensitive data on unprotected personal devices.
- Never testing backups until you need them.
Best practices
- Write a short, simple security policy and train staff on it.
- Review access rights regularly.
- Keep software and devices updated.
Put this into practice
See where your current safeguards stand and what to improve first.
Check your complianceFrequently asked questions
Key takeaways
- The seventh standard requires appropriate security for personal data.
- Most strong protection comes from simple habits, not expensive tools.
- Limit who can access data, protect devices, and back up safely.
- Good security also limits the damage when something does go wrong.
