Departments, Specialised Units and Centres Highlights
University Data Protection Office
The University Data Protection Officer continued managing the Data Protection Policy Implementation Project. The intention of the project is to promulgate the Data Protection Policy across the University and is divided into two phases:
- Phase 1 – July 1, 2020 to March 31, 2021; and
- Phase 2 – June 1, 2021 to July 31, 2023.
The purpose of Phase 1 was to conduct an in-depth situational analysis of the University to determine what currently exists in respect of its privacy practises.
The UWI Data Protection Policy (DPP), which is based on the stipulations of the most rigid regulations that might reasonably affect the University, provides the target – the standard to be met. Phase 2 involves implementing some of the actions identified from the gap analysis conducted during phase 1.
University-wide Awareness-building in respect of Privacy and Data Protection
The UDP Office oversaw the activities to mark Data Protection Day on January 28, 2022.
A major activity was a webinar, held in collaboration with WIGUT (Jamaica). Topics included:
- Data Protection: What is it?
- The new environment and its requirements
- How the new paradigm will affect you: your rights and responsibilities
Conducted Data Privacy Month Activities – February 1 – 28, 2022
Virtual “Lunch and Learn” sessions conducted with staff and students across all campuses
Data Protection Impact Assessment started
The University of the West Indies (The UWI) made clear, via the approval of the University Data Protection Policy on February 14, 2020, its commitment to safeguarding the privacy rights of individuals whose personal data it processes. This important move demands closer internal scrutiny of the University’s personal data processing (acquisition, creation, usage, storage and disposal) practises.
Assessing how data privacy is managed – a Privacy Impact Assessment (PIA) – is a good practise, one which most organisations embark upon to scrutinize and evaluate the risks associated with their internal privacy practises. From the outside, some of The UWI’s contributing countries require that a Data Protection Impact Assessment (DPIA), similar to an internally driven PIA, be conducted under certain specified circumstances. This DPIA, similar to an internally driven PIA, is the responsibility of The UWI as a body corporate and therefore must be undertaken by the various functional areas across the institution.
The University Data Protection Office (UDP Office) recognising the challenges posed to functional areas and, as a part of its mandate, is keen to provide assistance and support to conduct the required DPIA along with any internally driven PIAs. Several functional areas were selected as DPIA pilots, after which organisational templates will be developed for functional areas across the wider University to use in later periods. The functional areas selected as pilots were:
- Alumni Relations – via the Institutional Advancement Divisions
- Bursary (Campus Bursaries and The Office of Finance) has been selected as one of the functional areas for pilot.
- Human Resources Management (Campus HRMDs and Office of Administration).