By John Ridgway, Dirk Heinz and Brad Phillips
In comparison with most of the world, coordinated data protection and privacy legislation in the Pacific is relatively unsophisticated – in fact, it is pretty much non-existent. With this in mind as a starting point, can companies operating in key sectors such as telecommunications and banking in the Pacific do what they want with confidential customer information and data? Of course not!
Businesses who collect, store and use personal information of consumers in Pacific jurisdictions are likely to be bound by:
(a) a common law duty of confidentiality; and
(b) obligations contained in local telecommunications/banking legislation.
Generally, the obligations contained in local telecommunications/banking legislation will mirror common law confidentiality obligations.
What is the common law duty of confidentiality?
The general position is that if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without the information provider’s consent: where required by law; or if it is in the public interest to disclose such information. Each of the jurisdictions considered in this article is a common law jurisdiction, and businesses in those jurisdictions will be bound by their common law duty of confidentiality.
General comment regarding legislation specific to telecommunications and banking
Generally, local telecommunications and banking legislation will impose a duty on operators in those sectors (where such operators are bound by that legislation) to:
protect confidential information;
disclose confidential customer information only in prescribed circumstances (that is, with customer consent or where required by law or by the telecommunications or banking regulator); and
use such confidential customer information for disclosed purposes/for the purposes of supplying telecommunications or banking services to the customer only.
Legislation specific to telecommunications service providers/licensees in the Pacific
Legislation specific to banking businesses in the Pacific
As an additional point, the Central/Reserve Bank in all of the aforementioned jurisdictions have broad powers to make prudential guidelines/standards that may also impact upon a banking business’ obligations and duties regarding customers’ personal information.
What are the consequences of non-compliance for an operator?
An operator who fails to comply with its common law duty of confidentiality may find itself exposed to a breach of contract claim by the relevant customer, and that operator may be liable to pay damages.
Breach of an operator’s obligations under the relevant telecommunications or banking legislation may result in:
penalties (which may be imposed on the operator/its officers);
remedies being imposed on the operator (in addition to/in lieu of a penalty); and/or
civil liability (resulting in operator/its officers being required to pay damages),
by the telecommunications or banking regulator and/or the relevant Court.
Ultimately, the telecommunications or banking regulators in each of the jurisdictions discussed in this article have the power to amend the terms and conditions of licences or revoke a license altogether for material failure to comply with a licence term or condition, or the relevant telecommunications or banking legislation.
How can we help?
The Pacific Legal Network can assist businesses by:
reviewing customer terms and conditions to ensure that they comply with local legislation and obligations with respect to confidentiality of customer information;
reviewing internal policies and procedures which deal with collection, use and storage of customer information;
advising in relation to requests for disclosure, including assessing the suitability of customer consent, or the validity of an external request for information; and
providing general advice in relation to the privacy of customer information and disclosure under the laws of the Pacific.
For the purposes of this article, we have considered the nature of such obligation in Fiji, PNG, the Solomon Islands, Vanuatu and Samoa.