Skip to main content

Data Protection Authority: appointment of Non-Executive Directors

This content has been automatically generated from the original PDF and some formatting may have been lost. Let us know if you find any major problems.

Text in this format is not official and should not be relied upon to extract citations or propose amendments. Please see the PDF for the official version of the document.

STATES OF JERSEY

DATA PROTECTION AUTHORITY: APPOINTMENT OF NON-EXECUTIVE DIRECTORS

Presented to the States on 12th October 2018 by the Chief Minister

STATES GREFFE

2018  R.133

REPORT

Background

Under Article 3(4) of the Data Protection Authority (Jersey) Law 2018 (the "Law"), the Chief Minister is required to notify the States Assembly of appointments made to the Data Protection Authority (the Office of the Information Commissioner).

Article 3(1) of the Law states that the Authority consists of –

"(a) the Chairman;

  1. no fewer than 3 and no more than 8 other voting members; and
  2. the Commissioner as an ex officio and non-voting member."

Although the Office of the Information Commissioner (the "OIC") has been operational since 2004, it was newly legally constituted under the Law with a Chairman and a Board.

The appointments will ensure that the OIC is fully constituted, enabling it to make strategic decisions.

Role specification and key skills sought

The Chairman of the OIC has advised that his goal in identifying suitable candidates was to combine a selection of local and international experts in fields relevant to the work of the Authority. His preference was to include individuals who were independent and well-respected and possessed strong local or international reputations. He also preferred to have a gender balance and diversity. In particular, the key skill areas identified were –

  • expert knowledge of the General Data Protection Regulation ("GDPR");
  • expert knowledge of the European Commission;
  • who could advise on ensuring that Jersey obtain an adequacy designation, which is of fundamental importance to the Island;
  • expert knowledge of Jersey politics and government;
  • expert knowledge of Jersey's finance sector; and
  • extensive Board experience and knowledge of the technical sector.

In addition, the Chairman wanted to ensure that potential appointees had an open mind on the question of the re-integration of the Jersey and Guernsey Data Protection offices, and possessed the utmost personal integrity.

Advertising for the role

The posting for the recruitment process appeared on the website of the OIC, the social media platform LinkedIn, the Jersey Evening Post, and the States of Jersey website www.gov.je for 3 weeks from the date of 21 June 2018.

Applications received

The recruitment process yielded 17 applications from candidates both on- and off- Island. Ten applicants were male and 7 were female. All applicants provided copies of their Curriculum Vitae and most a covering letter.

Shortlisting and interview process

The Chairman conducted the shortlisting with the Information Commissioner, Dr. Jay Fedorak, and the Deputy Information Commissioner, Mr. Paul Vane. Six candidates were interviewed.

Interviews took place on 8, 9 and 22 August 2018. The Panel consisted of the Chairman, the  Information  Commissioner,  Dr. Jay Fedorak,  the   Deputy  Information Commissioner, Mr. Paul Vane, and an independent HR consultant, Ms. Sam Duffy from Gecko.

Ms. Duffy confirmed that all the interviews were conducted in accordance with States of Jersey Human Resource guidelines. The interview questions covered the candidates' rationale for applying, personal attributes, development of strategies and solutions, and integrity.

Successful candidates

From  the  6 candidates  interviewed,  4  were  recommended  to  the  Minister  for appointment. The candidates are listed below with a summary of their skills and experience.

Ms. Clarisse Girot

Ms. Girot has significant expertise and experience working in the field of data protection and privacy regulation in Europe and Asia. She was Assistant Commissioner with the French Data Protection Authority, the Commission Nationale de l'Informatique et des Libertés ("CNIL"), where she worked closely with the European Commission, including on the former Article 29 Working Party, an advisory body made up of representatives from each of the EU Member States, the European Data Protection Supervisor and the European Commission. She is an expert in cross-border data-flows, and has experience in the European adequacy process, having worked with jurisdictions such as Japan, China and now Singapore. Singapore holds many similarities with Jersey – especially due to its economy largely relying on data-flows, especially in the financial sector. A key challenge for Jersey is to retain adequacy status from the European Commission. Working  on  legal  convergence  in  data  protection  in  Asia,  Ms. Girot  has  become acquainted with key stakeholders across the region, including Japan and Korea, which are facing similar challenges to negotiate their respective adequacy decisions. Ms. Girot is well-respected in the global data protection community, has a strong academic background, and is multi-lingual. She is currently working closely with the International

Data-Flows Unit of the European Commission, and is based in Singapore with the Asian Business Law Institute as Data Privacy Project Lead. The European Commission view her as a trusted source of information regarding data protection developments in Asian countries.

Mr. David Smith

Mr. Smith has extensive knowledge and experience in the field of data protection and freedom of information, having served as Deputy Information Commissioner with the UK ICO. He is well known and respected at an international level. His experience with regard to the European adequacy process and his involvement in developing the UK ICO's revenue structure will be invaluable for the Jersey Data Protection Authority. Mr. Smith is currently working as Special Adviser to one of the UK's top 5 law firms, Allen & Overy LLP, where he provides data protection and related regulatory advice.

Ms. Gailina Liew

An independent Board Director, entrepreneur and lawyer, Ms. Liew possesses a passion for the ethical implications of new technologies such as artificial intelligence, machine learning  and  big  data,  that  would  provide  the  Authority  Board  with  significant experience and expertise in a number of key areas. As a local candidate, Ms. Liew also has a strong grasp of the local economy, particularly in the field of digital, and leads Jersey's independent public policy knowledge partnership and think-tank, the Jersey Policy Forum, as well as sitting on the Jersey Appointments Commission as Vice- Chairman and Commissioner.

Mr. John Harris

Mr. Harris is well-known and respected in the local financial sector, having recently retired after 12 years as Director-General of the Jersey Financial Services Commission. He is a seasoned professional with extensive experience of running financial services institutions of scale and complexity in both public and private sectors. Mr. Harris has extensive international experience and a multitude of skills in addition to his financial services knowledge, including people development and strategic awareness. He built the reputation and operational capability of the JFSC as a sophisticated regulator, contributing to and enhancing Jersey's appeal as one of the top international finance centres.

The Chairman concluded that the successful candidates had the skills, knowledge, abilities and experience that he was seeking to include on the Board. It is the view of the Chairman that, both individually and collectively, the appointees are of an extremely high quality, and will garner local and international respect and assist in the OIC's objective of obtaining a higher international standing for Jersey in the field of data protection.

Conclusion

A Ministerial Decision accepting the recommendation of the Chairman has been signed, and the commencement date of the contract will be 29 October 2018. The term of office will be 3 years, to expire on 28 October 2021.

Resource implications

The Chief Minister's Department provides the OIC with an annual grant to regulate the Data Protection (Jersey) Law 2018 and the Freedom of Information (Jersey) Law 2011. The fees payable to Non-Executive Directors are sourced from the annual grant. There are no other financial or manpower implications for the States arising from these appointments.