Law: Data Protection (Privacy of Personal Information) Act 2003 ('the Act')
Regulator: Office of the Data Protection Commissioner ('the Commissioner')
Summary: At present, the Act addresses certain essential data protection elements, including rights to access and erasure, establishing the data protection authority, data transfers, direct marketing, legal bases for processing, and enforcement processes. The Act is based around eight principles, which cover data collection, accuracy, processing purposes, disclosure, retention, security measures, and the right of access. The Act also places a duty of care on data controllers to data subjects in regard to their personal data. The Commissioner has various powers under the Act, such as the capacity to prohibit the transfer of personal data outside the Bahamas under specific circumstances. The Commissioner published several informational brochures, a Guide for Data Controllers, and other material between 2010-2015.