Cayman Islands: Privacy and Data Protection-related Laws

Certain data protection rights are protected by:

  • The Data Protection Law, 2017 - major Data Protection regulatory law
  • The Freedom of Information Law, 2015 gives the public a general right of access to official documents. It will not apply to the records held by the Cayman Islands Monetary Authority, or to exempted companies.
  • The Confidential Relationships (Preservation) Law (2009 Revision). This Law has application to all confidential information with respect to business of a professional nature which arises in or is brought into the Islands and to all persons coming into possession of such information at any time thereafter whether they be within the jurisdiction or thereout.
  • The Computer Misuse Law (2015 Revision), regulates data security and access to information, describes violations and related penalties.
  • The Information and Communications Technology Authority Law (2011 Revision) describes provisions and regulations on Information and Communications, power of Authorities, their duties, license issuances, control measures etc.

Privacy - there are well-established mechanisms for cooperation with law enforcement agencies, both locally and overseas, to assure the highest standards of probity throughout Cayman’s financial industry. Within this framework, protection of the legitimate interests of clients is safeguarded. The Registrar is able to release on enquiry only the name, type of company, the date of registration, the address of its registered office, and the status of the company. Except where assistance to law enforcement agencies to combat illicit activity is mandated or authorized, disclosure of information by government officials, professional agents, attorneys and accountants and their staffs is prohibited.

Data Protection Law

On 27 March 2017 the Data Protection Law, 2017 (Law) was passed by the Legislative Assembly of the Cayman Islands. The Law will be enacted in 2019.

The Law applies to any data controller (A person, firm or company who, alone or jointly with others, determines the purposes, conditions and manner in which any personal data is, or are to be, processed) in respect of personal data (a) that is established in the Cayman Islands and the personal data is processed in the context of that establishment; or (b) that is not established in the Cayman Islands but the personal data is processed in the Cayman Islands otherwise than for the purposes of transit of the data through the Cayman Islands. Under the Law, all data controllers are required to comply with the data protection principles that relate to the personal data that the data controller processes.

Privacy policies in Cayman Islands are connected with anti money-laundering and terrorist financing policies. In Cayman the prevention of money-laundering and terrorist financing is addressed by the Proceeds of Crime Law (Revised), as supported by the Money Laundering Regulations and the Guidance Notes on the Prevention and Detection of Money Laundering and Terrorist Financing.

The Money Laundering Regulations require those engaged in “relevant financial business” to comply with certain requirements, including to adopt client identification and verification procedures, record keeping procedures, internal reporting procedures and internal control procedures.

The definition of a relevant financial business includes various types of activities, including the following:

  • acceptance of deposits and other repayable funds from the public;
  • money or value transfer services;
  • issuing and managing means of payment (e.g. credit and debit cards, bankers’ drafts, electronic money);
  • participating in securities issues and the provision of financial services related to such issues;
  • money broking;
  • safekeeping and administration of cash or liquid securities on behalf of other persons;
  • the conduct of securities investment business; and
  • otherwise investing, administering or managing funds or money on behalf of other persons.

Given the breadth of these categories, it is probable that most ICO issuers, exchanges, and smart contracts platforms will be engaged in relevant financial business and required to adopt anti-money laundering (AML) procedures.

Compliance with AML may be required to secure transactions and engage representation by reputable third party service providers. The anonymous nature of cryptocurrencies may present administrative challenges when it comes to implementing the best-crafted AML policies. This conundrum must be addressed by ICO issuers, exchanges, and smart contract platforms at the outset as it represents one of the greatest areas of vulnerability for their businesses. Full texts of privacy & data protection Laws can be found below.


Previous Section Next Section

Have a comment, edit, or item to add? Share your thoughts by commenting below!

comments powered by Disqus