The Trinidad and Tobago Data Protection Act of 2011 aims to protect the privacy of personal data collected and processed by private and public bodies from individuals residing in Trinidad and Tobago. The Office of the Information Commissioner is responsible for the Data Protection Act's enforcement, interpretation, and oversight.
Due to recent events in the region that saw several gigabytes of personal information leaked, the government of Trinidad and Tobago, now more than ever, is seeking to take a firmer stance against cybercrime and enforce the Data Protection Act more rigidly and effectively.
Examine your organization's current security posture and prioritize opportunities to strengthen it.
Focus on critical service delivery components to make the implementation process cost-effective.
Comply with other existing global standards and mandates easily.
Assess risks objectively and formulate an action plan to bring them to tolerance level.
Transform reactive cybersecurity practices into an agile, risk-informed approach.
Ensure the products and services from your partners meet critical security outcomes.
Using ManageEngine's extensive suite of solutions, organizations can comply with the data collection, data security, and audit requirements of the Trinidad and Tobago Data Protection Act. Here's how you can comply:
Appoint an information officer to bear the responsibility of ensuring compliance when it comes to data processing and collection. Ensure that the data subject provides written consent for the processing of their data.
Identity and access management tools can help establish role-based access controls so that only authorized personnel are allowed to handle sensitive data.
AD360
Select any combination of management, auditing, reporting and alerting tasks concerning AD and Microsoft 365, and delegate them by creating custom help desk roles.
Access Manager Plus
Create custom roles with preset permissions to ensure users have only the required access to perform their tasks.
M365 Manager Plus
Establish role-based access control for Microsoft 365 administration.
Endpoint Central
Grant permissions of your choice based on multiple predefined or tailor-made roles using role-based access control.
Ensure that the information collected is for a specific, well-defined, and legitimate purpose. After processing, the data should be disposed of permanently.
Data discovery tools can help locate sensitive content, such as PII or ePHI, and maintain an inventory of the personal data stored.
DataSecurity Plus
Identify anomalous data access, modification, and deletion using regular expression (regex) or keyword matching.
Endpoint DLP Plus
Leverage extensive records on access and transfer events involving sensitive information for auditing.
Ensure that the data subjects are aware of all the details regarding collection and processing of data. Extensive documentation of all processing information must be maintained as proof.
Generate context-based audit logs, session recordings of users handling personal data, and predefined report templates to help with the documentation of the processing activities using a privileged session management solution.
Data must be collected and stored only for a specific purpose and should be processed only with the consent of the data subject.
Locate and delete junk data including obsolete and duplicate files using data discovery tools.
Endpoint Central
Keep personal and corporate data separate on mobile devices. Delete personal data from your servers and revoke access to that data.
Password Manager Pro
Prevent unauthorized users from exploiting privileged access to personal data repositories.
ADAudit Plus
Enable real-time Windows Active Directory auditing, logon and logoff auditing, and Windows Server auditing.
DataSecurity Plus
Find users with full control access to your Windows shares, and locate the files and folders shared with everyone.
PAM360
Ensure that only authorized users can remotely access sensitive data for specific periods of time.
Data collected must be stored in an organized manner, kept up-to-date, and stored only for the duration of the purpose for which it was collected.
Data discovery tools can help locate data promptly and delete or modify data upon request.
Log360
Audit databases to determine how long data has been stored and delete personal information once the storage threshold is reached.
DataSecurity Plus
Identify where personal and sensitive data is stored to facilitate further processing.
Endpoint DLP Plus
Scan endpoints within your network for quick modification or deletion of data upon request.
The information collected and stored should be accurate, complete, and not misleading. It should only be updated whenever necessary.
A real-time alert mechanism can alert you of unauthorized access, modification, or deletion of files with confidential data.
Endpoint Central
Schedule device scans to ensure the availability and integrity of personal data.
DataSecurity Plus
Monitor and delete outdated or incorrect data.
Browser Security Plus
Scan active browsers to ensure the protection of data.
Access Manager Plus
Create context-rich logs of user sessions and instantly send SNMP traps and syslog messages to SIEM tools to support compliance audits.
Take technical and organizational measures to ensure the integrity, confidentiality, and security of the collected data.
Detect vulnerabilities and external attacks using log management tools and perform root cause analyses on breaches using log forensics.
Log360
Detect potential external threats and more using Log360's real-time correlation engine, and conduct RCAs with its intuitive log search engine.
Patch Manager Plus
Scan endpoints to detect missing patches and automate the deployment of tested patches.
EventLog Analyzer
Audit all activities on systems that store personal data and changes to personal data, with timely alerts being sent to data protection officers whenever the integrity of the data is being compromised.
DataSecurity Plus
Audit file and folder actions and maintain an audit trail of accesses. Trigger instant alerts to admins when suspicious activity is detected. Delete and contain ransomware infections to prevent data loss.
Endpoint DLP Plus
Limit data access to essential and relevant personnel based on security clearance and task-specific requirements.
Further processing should be compatible with the originally stated purpose and requires additional consent from the data subject except for legal and national security requirements.
Security information and event management (SIEM) solutions can help detect and audit anomalous activities, like data leaks or unauthorized sharing, modification, or erasure, to ensure that data is not being misused by internal or external sources.
DataSecurity Plus
Monitor and analyze the removal of all peripheral storage devices such as USB drives using DataSecurity Plus' USB tracking.
Log360
Detect suspicious user behavior using the Log360 UEBA engine's unsupervised ML algorithms and statistical analytics.
Key Manager Plus
Secure data in transit and easily monitor and manage your public key infrastructure.
Have documents on organizational policies and practices on personal data management readily available for individuals to view and comprehend.
Maintain full transparency when it comes to privacy policies and practices. Have dedicated pages on the company website that clearly list out data security and privacy best practices followed by the organization.
ManageEngine privacy policy
ManageEngine, in accordance with our parent company, Zoho Corporation, makes every effort to ensure your data is secure and is not used without your consent. We only collect the information that we actually need. Some of that is information that you consent to give us when you sign up for an account, register for an event, ask for customer support, or make a purchase.
Have a system in place that allows data subjects to request the modification or erasure of inaccurate, incomplete, or unlawfully obtained data.
Data discovery tools can help locate files containing personal data and allow for their timely modification or erasure.
DataSecurity Plus
Create custom data discovery rules and policies to locate sensitive data in your file servers. Generate reports including type, location, and quantity of sensitive data in each file.
Endpoint DLP Plus
Uncover personal data whereabouts and the relation between data and the corresponding sources, systems, and users.
Create an effective channel where users can challenge the organization's compliance with the above principles and the organization can provide an appropriate and satisfactory response.
Data discovery tools can help locate and keep an inventory of personal data to ensure that compliance guidelines are being followed.
DataSecurity Plus
Keep your inventory of personal data updated by scanning your Windows file system at periodic intervals.
Endpoint DLP Plus
Scan, discover, and retrieve personal data, enabling prompt changes upon request by data subjects.
Data may be transferred outside of Trinidad and Tobago only to those states that ensure protection for the rights and freedoms of the data subjects.
The right tools can monitor, authorize, or block all data activity, including movement of data between devices, to identify potential breaches ahead of time and ensure data security.
Endpoint Central
Set geo-fencing alerts and device locks in case a device does not check in with the server over a predefined period of time.
Log360
Centralize and correlate security data to identify potential data breaches instantly.
Endpoint DLP Plus
Configure policies to restrict the movement of sensitive information to peripheral devices.
Talk to our experts to get more information on how your organization can meet the compliance mandates of this act.
Fully complying with the Trinidad and Tobago Data Protection Act requires a variety of solutions, processes, people, and technologies. The solutions mentioned above are some of the ways in which IT management tools can help with some of the Act's requirements. Coupled with other appropriate solutions, processes, and people, ManageEngine's solutions help achieve and sustain compliance with the Act. This material is provided for informational purposes only and should not be considered as legal advice for Trinidad and Tobago Data Protection Act compliance. ManageEngine makes no warranties, express, implied, or statutory, as to the information in this material.