The Government has announced the appointment of **George Rodgers** as the first Data Protection Commissioner, with responsibility for the administration and enforcement of the provisions of **The Data Protection (Privacy of Information) Act**. The appointment became effective as of April 2, 2007.
In recent media interviews, Mr. Rodgers pointed out that The Bahamas now has the necessary data protection legislation which the international community recognises. Duties of the new Data Commissioner will also include investigation of any contraventions of the legislation, and the provision of information to the public about the legislation. On the latter point, Mr. Rodgers said one of the more important action steps in the immediate future is to *“get the information out to the public that a privacy law is in place.”*
Mr. Rodgers also expects that the Data Protection Act will increase The Bahamas’ profile as an international commercial centre, potentially positioning it as a preferred jurisdiction for locating data services.
In 2003 the Bahamas Government introduced a series of acts designed to facilitate the development of e-commerce and e-government, including the Electronic Communications Act and the Computer Misuse Act. That same year, the Government released an Electronic Commerce Policy Statement, articulating its strategy for transforming the Bahamian economy to a digital one. The policy set the foundation for the Bahamian Digital Agenda and underscored the Government’s commitment to be globally competitive and put in place the necessary information and communications infrastructure to sustain electronic business activity.
The Data Protection Act represents another step in this initiative. The legislation ensures internationally recognised standards for the collection, use and disclosure of personal information. In fact, the Data Protection Act provides a statutory framework for the universal standards for data protection as found in the OECD Principles on Privacy 1980.
In addition, the Act:
* places an obligation on data collectors and controllers to obtain information fairly and lawfully, use it in a manner consistent with that for which it has been collected and keep it for specific purposes and periods;
* provides for the security of data collected, and no unauthorised disclosure (serving to reinforce confidentiality provisions)
* grants data subjects the right to be provided with information kept on them upon request, and to have inaccurate information erased or rectified. (The information rights of beneficiaries defined in the Trustee Act remain in effect)
* provides for the prohibition against unauthorised trans-border data flows to jurisdictions which have inadequate data protection measures in place.