The Jersey Office of the Information Commissioner has confirmed that Jersey firms may disclose personal data to the United States Securities and Exchange Commission (SEC) in appropriate circumstances.
The United States Securities and Exchange Commission (SEC) sought confirmation from the Information Commissioner that Jersey firms who register with the SEC would be able to transfer personal data necessary for regulatory oversight of their registration.
Information Commissioner Dr Jay Fedorak has responded in a letter (see below) to Acting Chair of the SEC Allison Lee indicating that the Data Protection (Jersey) Law 2018 authorises transfers that comply with all of the conditions stipulated in paragraph 9 of Schedule 3. These include limiting the personal data transferred to that which is necessary for the regulatory purpose and notifyng affected data subjects and the Jersey Office of the Information Commissioner of the transfer.
The SEC currently is not accepting new registrations from jurisdictions, including Jersey, that have adopted GDPR-based data protection laws, pending confirmation that these laws will not inhibit its regulatory functions. The SEC is currently considering this letter as part of a process of determining whether to permit new registration from Jersey firms. The UK Information Commissioner’s Office has sent a similar letter on behalf of the UK data protection law.