**George E. Rodgers
Data Protection Commissioner**

The **Office of the Data Protection Commissioner (ODPC)** recently submitted its Annual Report to the Prime Minister.

The report covers the period 26th October 2006, the day of the appointment of the Data Commissioner, to 31st December 2007. It includes matters concerning the establishment of the Office of the Data Protection Commissioner as well as the operation and status of the Data Protection (Privacy of Personal Information) Act, 2003 (DPA).

The DPA sets out the legal framework for the collection, use and disclosure of personal information consistent with internationally recognized principles established by the Council of Europe, The European Union (EU) and the Organization for Economic Co-operation and Development (OECD), and the United Nations (UN). The DPA came into force on 2nd April 2007, subsequent to the establishment of the Office of the Data Protection Commissioner in October 2006.

As an essential part of the Government’s E-Commerce enabling legislative package, the DPA is intended to ensure that personal information that is collected on individuals is managed in a manner which ensures that fundamental privacy rights are observed and that the data is used in a manner that is consistent with the intentions of the data subject. The Report notes that the rapid expansion of the Internet, the ease with which data can be aggregated, and the value attributed to personal data, have all meant that opportunities for abuse in the handling of such data can occur. *”It is therefore, essential that the DPA becomes an effective tool to ensure that a sensible balance is evoked to allow for legitimate data collection without compromising the basic rights to have personal information protected and privacy respected.”*

Mr. Rodgers says that he is honoured to have been the first appointed Data Protection Commissioner. He sees the focus of the DPA as providing the public with a set of clearly defined and comprehensive protection of their fundamental human right to privacy, thereby enhancing the protection which is already guaranteed by the Constitution of The Bahamas. He notes that as a new data protection regime, one of ODPC’s objectives is to examine the special procedure for the European Commission to designate third countries as either satisfying or not satisfying the EU adequacy test for transborder data flows. *”Such an examination will be with a view to determining those initiatives that would enhance The Bahamas’ attractiveness as a preferred jurisdiction for locating data services industries.”*

The work of the ODPC has been divided into four main categories:-

1. Investigations and Enquiries
2. Audit Research and Policy
3. Public Education and
4. Human Resources—Legal and Other Services

The ODPC launched its official website on December 10, 2007. The site is intended to provide a resource center as well as become an effective medium for the Commissioner to keep the public informed as it relates to government policy and the development of international standards for the use and disclosure of personal information.