Dear Editor,
A global disruption underscores local priorities: privacy, resilience, and accountability.
The internet disruption that swept the world on November 18 – originating from a global content delivery and security provider – briefly slowed or stalled access to websites and apps across the globe. In Guyana, the outage served as a real world stress test for the country’s digital ecosystem, including the resilience of local services to threats that occur far beyond Guyana’s borders, as well as a reminder of why having a Data Protection Act matters. Just as importantly, it showed where continued guidance, enforcement, and preparedness can turn legal principles into everyday protection for people and businesses.
Guyana’s Data Protection Act lays out the rules of the road for how personal information is collected, used, stored, and shared. It places duties on organisations to safeguard data, respect individual rights, and plan for incidents whether they occur far beyond Guyana’s borders or in the next neighbourhood. When third party infrastructure hiccups ripple through local services, the Act’s focus on accountability and “security by design” becomes more than a theory; it becomes the difference between chaos and a coordinated response.
What the law already delivers
Organisations acting as data controllers and processors must have appropriate technical and organisational measures in place – encryption, access controls, staff training, and regular testing – to protect personal data.
The Act encourages privacy impact assessments for higher risk processing, which help institutions identify weak points in supply chains and third party dependencies before a problem occurs.
Residents have the right to know how their data is used and to seek redress when things go wrong, creating a feedback loop that strengthens trust in digital services.
By setting expectations for incident detection and reporting, the Act promotes timely communication with authorities and affected individuals when personal data is at risk.
Lessons from the outage
When a single provider sits between citizens and critical services, resilience and vendor oversight become central to data protection. Contracts with processors should include clear security standards, transparency on sub processors, and cooperation on incidents.
Outage plans – fallback DNS, alternate routing, and staged degradation – are not just about uptime. They reduce the likelihood of risky workarounds, rushed configuration changes, or data exposure during recovery.
Accurate, time stamped records help determine whether personal data was impacted and support evidence based notifications to the public.
Because many services run abroad, organisations should know where data flows, what safeguards apply, and how to switch or compartmentalise services if one region or provider falters.
What organisations can do now
Maintain an up to date inventory of personal data, systems, processors, and sub processors – including geographic locations – and review high risk dependencies.
Ensure data processing agreements cover security standards, breach cooperation, data return/deletion, and sub processor controls.
Practise incident response, designate a responsible lead (such as a data protection officer or equivalent), and pre write customer notices for faster, clearer communication.
Use least privilege access, encrypt data at rest and in transit, segment systems, and consider diversified architectures that avoid single points of failure.
What citizens should know
Your rights travel with your data.
You can ask organisations what data they hold about you, why they hold it, and how it’s protected – even if their technology providers are overseas.
Use strong, unique passwords, enable multi factor authentication, and be cautious of phishing that may follow high profile outages.
If an incident risks your personal data, organisations should communicate promptly and clearly about what happened and what you can do.
The November 18 disruption will not be the last global shock to the internet’s plumbing. The good news is that Guyana’s Data Protection Act already provides a solid foundation. The opportunity now is to operationalise it – through practical guidance, consistent enforcement, and a culture of readiness – so that the next incident is met with resilience, clear communication, and stronger protection for everyone who depends on the country’s growing digital economy.
Yours sincerely,
Philip Inshanally
Discover more from Guyana Times
Subscribe to get the latest posts sent to your email.
