Law: Data Protection Act, 2011 (the Act). Please note, however, that only Part One, Sections 1 to 6, and Part Two, Sections 7 to 18, 22, 23, 25(1), 26 and 28, and Part Three, Section 42(a) and (b) of the Act have been partially proclaimed by Legal Notice 2 of 2012 and by Legal Notice 220 of 2021.

Regulator: The Act provides for the Office of the Information Commissioner (the Commissioner) (not yet established).

Summary: Data Protection in Trinidad and Tobago is governed by the Data Protection Act, 2011 (the Act) which was assented to on June 22, 2011. Through Legal Notice No. 220/2021, Section 42(a) and (b) of the Act, which provides disclosure exemption for public bodies, entered into force on August 23, 2021.

The Act applies to both private and public bodies and seeks to ensure the protection of an individual's right to privacy and sets out general principles as well as the right to maintain sensitive personal information as private, confidential, and personal. Interestingly, the Act also provides whistleblowing protections, namely prohibitions against dismissal, suspension, demotion, discipline, harassment or otherwise disadvantaging an employee or denying employee benefits in specific circumstances. The Act creates a Commissioner with investigatory and advisory power, however, the Commissioner has not yet been appointed. Since only limited provisions from the Act have come into effect, the data protection regime in Trinidad and Tobago can be considered limited.