CBP BES imposes a corrective administrative sanction on Public Entity Bonaire for repeated violation of privacy legislation
The Commission Supervision Personal Data Protection BES (CBP BES) has decided to impose a corrective administrative sanction on the Public Entity Bonaire (OLB) with immediate effect. The decision stems from the repeated failure to comply with crucial arrangements regarding the protection of personal data of citizens on Bonaire. Despite repeated warnings, the OLB failed to implement necessary measures, leaving the personal data of citizens still vulnerable to misuse.
Response of the OLB
In a response dated 23 September 2024 to the intention of the Commission to impose the corrective administrative sanction, the OLB indicated that financial resources were made available in 2022 and 2023 to implement the recommendations of CBP BES and that a number of measures were carried out. Nevertheless, the OLB failed to implement all required measures in a timely and complete manner. The OLB gives organisational obstacles as the reason, e.g. the dispersion of civil servants over several buildings and limited working space.
Although the OLB indicates that some progress has been made, including the introduction of access badges and the replacement of non-lockable cabinets, the protection of personal data continues to be severely lacking. This is of concern to the Commission.
Assessment of the opinion
CBP BES is concerned that the personal data of citizens are still insufficiently protected, despite previous warnings and the time provided to implement improvements. The OLB itself acknowledges that the protection of personal data is not ‘optimal’ and that much remains to be done. The information provided so far by the OLB does not give sufficient confidence that the recommended measures have actually been implemented and that the personal data of citizens will be adequately protected in the near future.
Given the gravity of this situation, the Commission now considers it necessary to actually impose the previously announced corrective administrative sanction. This measure is aimed at prompting the OLB to implement all required organisational and technical safeguards after all. Failure to do so could lead to further violations of the privacy legislation, with potentially serious consequences for the privacy of citizens.
Unannounced audits
After the expiry of the four-week period, CBP BES will conduct unannounced audits to monitor progress. These audits are important to verify the extent to which the OLB has taken the necessary measures to protect the privacy of citizens. If these audits reveal inadequate implementation of the measures, the corrective administrative sanction imposed, which could rise to $90,000, will be collected.
CBP BES insists that the protection of personal data is a priority for all government organisations. Citizens are entitled to secure processing of their data, and the OLB bears great responsibility in this regard.
Failure to take the appropriate measures could have serious implications for the privacy and security of the citizens of Bonaire, St. Eustatius, and Saba.
The full report and more information are available on the website of CBP BES: www.cbpbes.com