Authority Meeting 29 April 2019

Jersey Data Protection Authority Meeting

MINUTES

12:45 – 17:50 29 April 2019

Jersey Office of the Information Commissioner Offices, Jersey

 

Chairman Present:

Jacob Kohnstamm

Voting Members Present:

Gailina Liew

Clarisse Girot

David Smith

Non- Voting Members Present:

Paul Routier MBE - Advisor

Dr Jay Fedorak – Information Commissioner

In Attendance:

Paul Vane -  Deputy Data Protection Commissioner

Claire Le Brun – Finance Manager

Adrian Hayes – Compliance and Enforcement Manager [& Internal guest speaker]

Anne King  - Communications and Operations [& Note taker]

Guest Speaker:

None

Apologies:

None

 

 

Item

Action

1.0

Chair call to order & welcome.

Board agreed minutes;

·        29 October 2018

·        7 January 2019

Board agreed to post minutes on JOIC website.

Board agreed minutes.

1.2

Board discussed setting up a joint board meeting with Guernsey Data Protection Authority Board.

 

2.0

Board Governance, Operations and Procedures

 

 

2.1

JDPA Corporate Governance Protocol

Board discussed the protocol.

Amendments to casting vote item, role of board in the law, process of decision-making and fines.

Board delegated Article 10 Functions;

·        discussion regarding fining process

·        Information Commissioner confirmed that all formal Decision Notices would be posted in unidentifiable form.

 

Board decided to keep list of possible legislative amendments, where it identifies a need.

 

 

Amendments to be implemented as directed.

 

 

 

 

List of possible amendments to be kept as directed. [See end of minutes]

2.2

Appointment of Auditors

Jersey Office of the Information Commissioner (JOIC) is taking advice on accounts format in order to send out draft invitation to tender for auditors.

 

Finance Manager confirmed that JOIC will be implementing a new finance system on 1 August 2019 and will be running a dual system until beginning 2020.

JOIC to confirm that Government of Jersey organising 2018 auditors.

2.3

JDPA Oversight of Freedom of Information (FOI) Functions

 

Following a discussion covering appeals, tribunals and FOI expertise, the Board decided not to seek further formal oversight of the FOI functions of JOIC.  

Chair to explain issue to the Minister but not recommend change.

2.4

Conflicts of Interest Policy

Board discussed declaration of interests register.

Board members to ensure complete entries in the register.

3.0

Upcoming Board Events

 

3.1

States Assembly Lunch – the board discussed the agenda and seating arrangements for the States Members.

 

3.0

JOIC Update – Commissioner

 

3.1

Performance Statistics

The Compliance and Enforcement Manager presented the first quarter case statistics to the board. Current number of cases 143 between three caseworkers.

JOIC looking to improve on completing cases duration and closing down cases. 

The board received a brief overview of Case Data.

JOIC confirmed that breach data is being tracked, including how many require data subject notification.

Board discussed ‘risk’ and caution – are Data Controllers being over cautious in reporting breaches and what are the risks to data subjects. 

 

 

 

3.2

Financial Performance

The Finance Manager highlighted the financial outcomes for Q1 2019. Board discussed frequency of reports.

 

Board decided to receive quarterly financial reports.

3.3

Staffing Update

The team has now been strengthened with offers made to both a Communications Officer and a Finance/Accounting Officer.

Allowing JOIC to increase public awareness and governance. The addition of a junior caseworker will give compliance additional resource for complaint and breach investigations.

Further discussions took place regarding the role of digital/policy and legal.

 

New positions and offers approved by the Board.

 

 

Board agreed JOIC to look for a legal & policy adviser and employ IT on an ad hoc basis.

3.4

New Office Update

New office refurbishment delivered under budget. All very happy with the results.

 

3.5

Strategic Plan

Board discussed the updated document and made additional suggestions regarding content, linking objectives and metrics, SMART measurements.

 

JOIC to amend Strategic plan for discussion at August meeting. Strategic Plan to be on quarterly Board Agenda.

 

4.0

Proposed Revenue Model Update – Deputy Commissioner 

Deputy Commissioner presented new revenue model proposal to the Board. New model to be discussed with stakeholders.

Proposed new model to go out to public consultation in June/July.

 

 

 

JOIC to update Board on consultation responses.

 

5.0

Any other business

5.1 The Board accepted the 2018 Annual Report.

5.2 Agreed to try to plan 2020 board dates to coincide with Guernsey Data Protection Authority. Including discussions regarding the memorandum of understanding with Guernsey.

5.3  New board member was discussed.

Invite Commissioner Martins and Guernsey Board Chair to Jersey – propose 2 dates.

6.0

The Compliance and Enforcement Manager shared an update with the Board on an ongoing enquiry, giving background as to how JOIC investigate a complex case.  

JOIC to establish a separate reporting category for case data to identify where JOIC rather than complainant initiates an investigation.

7.0

The meeting closed at 17:50

 

 

List of Items – Law Changes

Responsibility for the JDPA