CBP BES announces intention of an order under penalty to OLB for non-compliance with agreements
The data protection authority BES (CBP BES) intends to impose an order under penalty payments on the Public Entity of Bonaire (OLB). This step has been taken because the OLB did not follow the recommendations of CBP BES and did not comply with previous agreements.
In March 2023, CBP BES conducted an audit at the OLB. This revealed that the clean desk and clear screen policy, part of the policy 'On the way to awareness of information security', had not been adequately implemented. Personal data were not adequately protected as a result.
Despite the report and the set deadlines of the 1st of October 2023 and the 1st of March 2024, the OLB failed to take the necessary measures, or at least failed to adequately inform CBP BES about them. In addition, the OLB failed to provide a substantive response to CBP BES' written questions, which should have been answered by the 22nd of April 2024.
Based on the above, the data protection authority concludes that the policy 'On the way to awareness of information security' has not been properly implemented by the OLB with the result that the OLB does not (yet) comply with adequate organisational and technical protection of personal data at the various workplaces. The committee included recommendations with prioritisation and steps to be taken in the report. These recommendations have not been followed up to date.
The CBP BES therefore intends to impose an order for l penalty payments to enforce the improvements deemed necessary within the OLB in the areas of organisational and technical security and Clean Desk/ Clear Screen policy. An order under penalty is a corrective enforcement instrument available to the CBP BES. It involves a Charge Under Penalty of $15,000 if timely implementation of measures is not achieved, rising to a maximum of $90,000.00 related to the passage of time. This measure is considered appropriate to induce the OLB to still implement the prescribed recommendations and prevent further violations of privacy legislation.
CBP BES stresses that the protection of personal data of residents of Bonaire, St. Eustatius and Saba is crucial.
The full report and more information are available on the CBP BES website: www.cbpbes.com.