/

/

/

/

/

Revised Laws of Saint Lucia (2023)

Back to Revised Laws of Saint Lucia (2023)

Back to Table of Contents

18. Requirement for consent

(1) A person may not inquire on the credit information respecting any data subject without first obtaining the consent of the data subject.

(2) A credit information provider may disclose to a credit bureau both negative and positive credit information without first obtaining consent from a data subject if the credit information provider provides notice to the data subject that credit and personal information may be disclosed to a credit bureau.

(3) The notice in subsection (2) may be given by the credit information provider through posting a notice —
1. (a) at its place of business;
1. (b) on the website of the credit information provider; or
1. (c) by any method that the credit information provider deems appropriate.

(4) Subject to subsection (8) and the Regulations, a person other than a data subject may, with the consent of the data subject, obtain a credit report in respect of the data subject for a permissible purpose referred to in section 20.

(5) The consent of the data subject —
1. (a) may be obtained by electronic means or by any method that permits a subscriber to produce valid evidence respecting the consent of the data subject, including prominently displaying the information regarding the consent in a clear and comprehensible manner in an application for credit, insurance, employment or tenancy or any other contract or agreement; and
1. (b) expires when the contract respecting the credit relationship between the credit provider, subscriber or credit information provider and the data subject is terminated; but the credit information respecting the data subject shall remain in the database of the credit bureau in accordance with section 25.

(6) Subject to subsection (4) a credit bureau shall, in releasing or transmitting data subject information to a person —
1. (a) verify and validate the identity and consent of the data subject; and
1. (b) use reasonable means of transmission that ensures that the data subject information is not altered, modified or corrupted during the transmission.

(7) Any person who obtains information regarding a data subject from a credit bureau under false pretences commits an offence and is liable, on summary conviction, to a fine of not less than $10 000 but not exceeding $100 000.

(8) Subsection (4) does not apply if the data subject information is required —
1. (a) in response to an order of a court of competent jurisdiction;
1. (b) to avoid prejudice to the administration of justice including the prevention, detection, investigation, prosecution or punishment of offences by any public sector agency;
1. (c) to enable an insurer to investigate any allegation of insurance fraud;
1. (d) for the enforcement of any law imposing a pecuniary penalty;
1. (e) for the protection of the public revenue;
1. (f) for the conduct of proceedings before any court or tribunal;
1. (g) to be used in a form in which the identity of the data subject concerned is protected; or
1. (h) for statistical or research purposes and is not to be published in a form that could reasonably be expected to identify the data subject concerned.

18. Requirement for consent

1. Short title and commencement

2. Interpretation

3. Powers, duties and functions of Central Bank

4. Requirement for licence

5. Application for licence

6. Evaluation of application

7. Grant of licence

8. Refusal to grant licence

9. Terms and conditions of licence

10. Display of licence

11. Restrictions on transfer of licence, etc.

12. Restrictions on employment of certain persons

13. Payment of fees

14. Material change in circumstances affecting credit bureau, etc.

15. Suspension and revocation of licence, etc.

16. Publication of grant of licences, etc.

17. Activities of credit bureau

19. Credit reports

20. Permissible purposes

21. Data management and quality control

22. Security and control measures

23. Data subjects' rights of access and correction

24. Duty to maintain records and credit information

25. Restrictions regarding disclosure of data subject information

26. Supplying false information prohibited

27. Credit information providers

28. Adverse actions against data subjects

29. Void agreements

30. Resolution of disputes and complaints

31. Cross-border data flow

32. Periodic returns

33. Information gathering powers

34. Inspections

35. Entry and search of premises

36. Order by Central Bank

37. Costs of inspections

38. Auditors and annual reports

39. Court order

40. Civil liability for negligent non-compliance

41. Appointment of Review Commission

42. Right to review

43. Review proceedings

44. Decisions of Review Commission

45. Appeals to High Court

46. Appeals to Court of Appeal

47. Agreements with other bodies, etc.

48. Confidentiality

49. Evidence regarding certificate of Central Bank

50. General offences and penalties

51. Fixed penalties

52. Offences by credit bureau or other entity

53. Defences in criminal proceedings

55. Protection of databases upon liquidation

56. Regulations

57. Amendment of Schedules