03 April 2020 | News


 Ombudsman urges public to keep COVID-19 patient details private

The Office of the Ombudsman is aware of concerns that individuals are seeking to identify, and even publicly expose, people who are infected with COVID-19.  Aside from the moral, ethical and societal implications surrounding the stigma associated with naming and shaming another human being, there are legal implications if sensitive personal data is made public. 

On Sept. 30, 2019, the Cayman Islands Data Protection Law (“the Law”) came into force. The Law sets out specific protections for individuals against the misuse of their personal data.  Information about a person’s health is “sensitive personal data” and is subject to more stringent controls and scrutiny. 

Individuals who decide how to use personal data (data controllers) must ensure that it is only used for proper purposes, for example, treating a patient at the hospital. Any medical or administrative staff members who release sensitive personal data to people and who are not authorised to do so can be guilty of an offence under the Law and liable on conviction to a fine of up to $100,000. In addition, releasing such information could violate other Cayman Islands laws relating to defamation, harassment or incitement. 

The Data Protection Law may also apply to private citizens who disclose information about another person’s health, such as whether they have COVID-19.  The Ombudsman warns against disclosing any such information as it could result in the same penalties outlined above.   

If any such incidents occur, individuals may make a complaint to our office by calling 946-6283 or emailing This email address is being protected from spambots. You need JavaScript enabled to view it..  If you have any questions, please feel free to contact us.

More information about Data Protection can be found on our website: https://ombudsman.ky/data-protection