What is the Trinidad and Tobago Data Protection Act?

The Trinidad and Tobago Data Protection Act of 2011 aims to protect the privacy of personal data collected and processed by private and public bodies from individuals residing in Trinidad and Tobago. The Office of the Information Commissioner is responsible for the Data Protection Act's enforcement, interpretation, and oversight.

Due to recent events in the region that saw several gigabytes of personal information leaked, the government of Trinidad and Tobago is, now more than ever, seeking to take a firmer stance against cybercrime and enforce the Data Protection Act more rigidly and effectively.

Why do you need to comply with the Trinidad and Tobago Data Protection Act?

  • Strengthen your cybersecurity posture

    Examine your organization's current security posture and prioritize opportunities to strengthen it.

  • Maximize ROI

    Focus on critical service delivery components to make the implementation process cost-effective.

  • Comply with global standards

    Comply with other existing global standards and mandates easily.

  • Understand organizational risks

    Assess risks objectively and formulate an action plan to bring them to tolerance level.

  • Become risk-informed

    Transform reactive cybersecurity practices into an agile, risk-informed approach.

  • Expand the scope of risk management

    Ensure the products and services from your partners meet critical security outcomes.

Complying with the Trinidad and Tobago Data Protection Act

Using ManageEngine's extensive suite of solutions, organizations can comply with data collection, data security, and audit requirements of the Trinidad and Tobago Data Protection Act. Here's how you can comply:

  • Accountability
  • Purpose specification
  • Openness
  • Purpose limitation
  • Retention limitation
  • Data quality
  • Security safeguards
  • Further processing limitation
  • Privacy policy
  • Data subject participation
  • Data subject rights
  • International transfers

Accountability

What this means for your organization

Appoint an information officer to bear the responsibility of ensuring compliance when it comes to data processing and collection. Ensure that the data subject provides written consent for the processing of their data.

How IT can help

Identity and access management tools can help establish role-based access controls so that only authorized personnel are allowed to handle sensitive data.

How ManageEngine can help

AD360
Select any combination of management, auditing, reporting and alerting tasks concerning AD and Microsoft 365, and delegate them by creating custom help desk roles.

Access Manager Plus
Create custom roles with preset permissions to ensure users have only the required access to perform their tasks.

M365 Manager Plus
Establish role-based access control for Microsoft 365 administration.

Endpoint Central
Grant permissions of your choice based on multiple predefined or tailor-made roles using role-based access control.

Purpose specification

What this means for your organization

Ensure that the information collected is for a specific, well-defined, and legitimate purpose. After processing, the data should be disposed of permanently.

How IT can help

Data discovery tools can help locate sensitive content, such as PII or ePHI, and maintain an inventory of the personal data stored.

How ManageEngine can help

DataSecurity Plus
Identify anomalous data access, modification, and deletion using regular expression (regex) or keyword matching.

Endpoint DLP Plus
Leverage extensive records on access and transfer events involving sensitive information for auditing.

Openness

What this means for your organization

Ensure that the data subjects are aware of all the details regarding collection and processing of data. Extensive documentation of all processing information must be maintained as proof.

How IT can help

Use a privileged session management solution to generate context-based audit logs, session recordings of users handling personal data, and predefined report templates that help document processing activities.

How ManageEngine can help

PAM360
Capture all activities around privileged accounts with context-rich logs, built-in reports, and user session recordings.

Log360
Enable agentless and agent-based log collection and leverage comprehensive predefined compliance reports.

Purpose limitation

What this means for your organization

Data must be collected and stored only for a specific purpose and should be processed only with the consent of the data subject.

How IT can help

Locate and delete junk data including obsolete and duplicate files using data discovery tools.

How ManageEngine can help

Endpoint Central
Keep personal and corporate data separate on mobile devices. Delete personal data from your servers and revoke access to that data.

Password Manager Pro
Prevent unauthorized users from exploiting privileged access to personal data repositories.

ADAudit Plus
Enable real-time Windows Active Directory auditing, logon and logoff auditing, and Windows Server auditing.

DataSecurity Plus
Find users with full control access to your Windows shares, and locate the files and folders shared with everyone.

PAM360
Ensure that only authorized users can remotely access sensitive data for specific periods of time.

Retention limitation

What this means for your organization

Data collected must be stored in an organized manner, kept up-to-date, and stored only for the duration of the purpose for which it was collected.

How IT can help

Data discovery tools can help locate data promptly and delete or modify data upon request.

How ManageEngine can help

Log360
Audit databases to determine how long data has been stored and delete personal information once the storage threshold is reached.

DataSecurity Plus
Identify where personal and sensitive data is stored to facilitate further processing.

Endpoint DLP Plus
Scan endpoints within your network for quick modification or deletion of data upon request.

Data quality

What this means for your organization

The information collected and stored should be accurate, complete, and not misleading. It should only be updated whenever necessary.

How IT can help

A real-time alert mechanism can alert you to unauthorized access, modification, or deletion of files with confidential data.

How ManageEngine can help

Endpoint Central
Schedule device scans to ensure the availability and integrity of personal data.

DataSecurity Plus
Monitor and delete outdated or incorrect data.

Browser Security Plus
Scan active browsers to ensure the protection of data.

Access Manager Plus
Create context-rich logs of user sessions and instantly send SNMP traps and syslog messages to SIEM tools to support compliance audits.

Security safeguards

What this means for your organization

Take technical and organizational measures to ensure the integrity, confidentiality, and security of the collected data.

How IT can help

Detect vulnerabilities and external attacks using log management tools and perform root cause analyses on breaches using log forensics.

How ManageEngine can help

Log360
Detect potential external threats and more using Log360's real-time correlation engine, and conduct RCAs with its intuitive log search engine.

Patch Manager Plus
Scan endpoints to detect missing patches and automate the deployment of tested patches.

EventLog Analyzer
Audit all activities on systems that store personal data and changes to personal data, with timely alerts being sent to data protection officers whenever the integrity of the data is being compromised.

DataSecurity Plus
Audit file and folder actions and maintain an audit trail of accesses. Trigger instant alerts to admins when suspicious activity is detected. Delete and contain ransomware infections to prevent data loss.

Endpoint DLP Plus
Limit data access to essential and relevant personnel based on security clearance and task-specific requirements.

Further processing limitation

What this means for your organization

Further processing should be compatible with the originally stated purpose and requires additional consent from the data subject except for legal and national security requirements.

How IT can help

Security information and event management (SIEM) solutions can help detect and audit anomalous activities, like data leaks or unauthorized sharing, modification, or erasure, to ensure that data is not being misused by internal or external sources.

How ManageEngine can help

DataSecurity Plus
Monitor and analyze the removal of all peripheral storage devices such as USB drives using DataSecurity Plus' USB tracking.

Log360
Detect suspicious user behavior using the Log360 UEBA engine's unsupervised ML algorithms and statistical analytics.

Key Manager Plus
Secure data in transit and easily monitor and manage your public key infrastructure.

Privacy policy

What this means for your organization

Have documents on organizational policies and practices on personal data management readily available for individuals to view and comprehend.

How IT can help

Maintain full transparency when it comes to privacy policies and practices. Have dedicated pages on the company website that clearly list out data security and privacy best practices followed by the organization.

How ManageEngine can help

ManageEngine privacy policy
ManageEngine, in accordance with our parent company, Zoho Corporation, makes every effort to ensure your data is secure and is not used without your consent. We only collect the information that we actually need. Some of that is information that you consent to give us when you sign up for an account, register for an event, ask for customer support, or make a purchase.

Data subject participation

What this means for your organization

Have a system in place that allows data subjects to request the modification or erasure of inaccurate, incomplete, or unlawfully obtained data.

How IT can help

Data discovery tools can help locate files containing personal data and allow for their timely modification or erasure.

How ManageEngine can help

DataSecurity Plus
Create custom data discovery rules and policies to locate sensitive data in your file servers. Generate reports including type, location, and quantity of sensitive data in each file.

Endpoint DLP Plus
Uncover personal data whereabouts and the relation between data and the corresponding sources, systems, and users.

Data subject rights

What this means for your organization

Create an effective channel where users can challenge the organization's compliance with the above principles and the organization can provide an appropriate and satisfactory response.

How IT can help

Data discovery tools can help locate and keep an inventory of personal data to ensure that compliance guidelines are being followed.

How ManageEngine can help

DataSecurity Plus
Keep your inventory of personal data updated by scanning your Windows file system at periodic intervals.

Endpoint DLP Plus
Scan, discover, and retrieve personal data, enabling prompt changes upon request by data subjects.

International transfers

What this means for your organization

Data must be transferred outside of Trinidad and Tobago only to those states that ensure protection for the rights and freedoms of the data subjects.

How IT can help

The right tools can monitor, authorize, or block all data activity, including movement of data between devices, to identify potential breaches ahead of time and ensure data security.

How ManageEngine can help

Endpoint Central
Set geo-fencing alerts and device locks in case a device does not check in with the server over a predefined period of time.

Log360
Centralize and correlate security data to identify potential data breaches instantly.

DataSecurity Plus

  • Monitor and block data transfer to USB devices or as email attachments.
  • Reduce incident response time with instant alerts.
  • Generate alerts and responses on unwanted access or anomalies in file access and modification.
  • Maintain a document of all file and folder erasure actions.

Endpoint DLP Plus
Configure policies to restrict the movement of sensitive information to peripheral devices.


Disclaimer

Fully complying with the Trinidad and Tobago Data Protection Act requires a variety of solutions, processes, people, and technologies. The solutions mentioned above are some of the ways in which IT management tools can help with some of the Act's requirements. Coupled with other appropriate solutions, processes, and people, ManageEngine's solutions help achieve and sustain compliance with the Act. This material is provided for informational purposes only and should not be considered as legal advice for Trinidad and Tobago Data Protection Act compliance. ManageEngine makes no warranties, express, implied, or statutory, as to the information in this material.