In a February 5, 2025, article published in The Jamaica Gleaner titled Data Privacy in Jamaican Schools, concerns about data privacy practices in Jamaican educational institutions were brought into sharp focus. The piece highlighted the risks tied to collecting, storing, and managing sensitive student and staff information, emphasising the urgent need for stronger regulatory oversight and security measures.
These concerns are not unique to Jamaica. In Barbados, we operate under a similarly robust Data Protection Act, which mandates the safeguarding of personal information, especially when it involves children. Under our legislation, data related to minors is classified as especially sensitive and must be managed with heightened security and strict adherence to legal and ethical standards.
With the increasing reliance on digital tools and online platforms—a trend accelerated by the COVID-19 pandemic—schools now handle larger volumes of sensitive data than ever before. However, many institutions still struggle to implement adequate data protection measures, leaving them open to breaches, unauthorised access, and data misuse.
The article further highlighted several critical areas of concern, including:
Inadequate cybersecurity infrastructure – Many schools lack robust security measures, making them susceptible to cyber threats such as hacking, phishing attacks, and ransomware.
Absence of comprehensive data privacy policies – Without well-defined guidelines, schools may unknowingly mishandle personal information, increasing the risk of non-compliance with data protection laws.
Limited awareness among educators and administrators – Many school officials are not adequately trained in data privacy best practices, leading to gaps in how information is collected, stored, and shared.
Regulatory compliance challenges – Some institutions may be unaware of or fail to fully comply with existing data protection regulations, exposing students and staff to potential privacy violations.
One area of concern I have is the increased use of security cameras in schools without a clearly defined CCTV policy. Don’t get me wrong—I fully support enhanced school security, especially given recent events. However, it must be implemented with careful regard for the law. When introducing new technology, schools must be aware of their obligations to comply with both cybersecurity and data privacy law.
The Barbados Data Protection Act outlines the purpose, use, storage, and oversight of sensitive data, including biometric information such as images and voice recordings. While surveillance can certainly improve security, the absence of a structured framework for CCTV systems presents significant privacy risks. Without clear policies, individuals with access to footage could misuse it, potentially infringing on the privacy of students and staff. Many people may not realise that modern CCTV cameras can record video as well as audio, meaning nearby conversations could be captured without their knowledge.
Proper oversight is essential to ensure that security cameras serve their intended purpose—protecting school communities without infringing on personal privacy rights. Experts and stakeholders quoted in the article emphasised the urgent need for proactive measures to address these gaps, including:
Strengthening regulatory frameworks to ensure schools meet the highest standards of data security and compliance.
Implementing mandatory training programmes for educators, administrators, and IT staff to improve awareness and best practices in data privacy management.
Developing clearer guidelines and policies to govern how student and staff data is collected, stored, and shared within the educational sector.
Launching public awareness campaigns to educate parents, teachers, and students about the importance of data protection and their rights under the law.
I would personally add the recommendation of introducing CCTV policies that clearly define where cameras are placed, who can access the footage, how long recordings are retained, and the measures in place to prevent unauthorised use.
While most discussions around data privacy focus on technology misuse—often because it’s easier to manipulate data digitally—violations can also occur in traditional, offline settings. Untrained staff members may inadvertently share confidential information through casual hallway conversations, misfiled paperwork, or mishandled devices. This “analogue” component is just as critical as digital security. To mitigate these risks, schools must offer comprehensive training that covers both technological safeguards and everyday best practices. By cultivating a culture of vigilance and accountability, educational institutions can prevent accidental disclosures and protect sensitive data on all fronts.
The piece concludes with calls for policy reforms and stronger enforcement mechanisms to ensure Jamaican schools meet international data privacy standards. Given the parallels between Jamaica’s and Barbados’ data protection landscapes, these concerns apply equally to our jurisdiction. Schools throughout the region must act swiftly and decisively to protect the privacy and security of student data, ensuring that digital transformation does not come at the expense of fundamental rights and protections.
Additionally, establishing a dedicated data privacy officer (DPO) within our respective ministries of education would centralise oversight, ensure consistent application of data protection regulations, and serve as a focal point of accountability and guidance for schools. This step is crucial for maintaining robust data privacy safeguards and upholding trust within the educational community.
Steven Williams is the executive director of Sunisle Technology Solutions and the principal consultant at Data Privacy and Management Advisory Services. He is a former IT advisor to the Government’s Law Review Commission, focusing on the draft Cybercrime bill. He holds an MBA from the University of Durham and is certified as a chief information security officer by the EC Council and as a data protection officer by the Professional Evaluation and Certification Board (PECB). Steven can be reached at Mobile: 246-233-0090; Email: steven@dataprivacy.bb
The post Protecting student privacy – The urgent need for stronger data policies in Caribbean schools appeared first on Barbados Today.
