Vision Statement
To oversee the administration of the provisions of the Data Protection (Privacy of Personal Information) Act, 2003 and within that context to protect and promote privacy.
Mission Statement
To protect and promote the privacy rights of individuals.
Areas of Responsibility
The Office of the Data Protection Commissioner is primarily responsible for:
- Administering and enforcing the provisions of the Data Protection Act.
- Promoting the observance of good practice by data controllers within the requirements of the Act.
- Influencing thinking on privacy and processing of personal information matters on a local and global basis.
- Discharging, as the national supervisory authority, various functions relating to or arising from any international obligations The Bahamas may have or is seeking to be a party to, in connection with data protection.
Key Functions and Responsibilities
As an agency of the Government of the Commonwealth of The Bahamas the Office of the Data Protection Commissioner is committed to carrying out its functions by:
- Acting with independence, impartiality and integrity in carrying out its role as a privacy “Ombudsman”.
- Demonstrating leadership in promoting and protecting the privacy rights of individuals.
- Being responsive to its clients.
- Working collaboratively with stakeholders locally and/or internationally.
Currently, the Office of the Data Protection Commissioner is comprised of the Commissioner and his Secretary (described as an “Administrative Assistant” in the chart below). The chart, however, depicts the functions of the office which are now within the purview of the Commissioner, but which may evolve into job positions/units with the growth of the activities of the office.
Investigations and Inquiries
- Investigate complaints received from individuals under Section 15 of the DPA.
- Establish whether individuals have had their privacy rights violated.
- Determine whether individuals have been afforded their rights to access to their personal information.
- Seek to provide redress and to ensure violations do not recur where privacy rights have been violated.
- Mediate and conciliate, with a view to taking corrective action, if necessary, the preferred approaches to complaint solving.
Audit Research and Policy
- Assess how well organisations comply with the provisions and spirit of the DPA.
- Conduct compliance reviews of the function and/or work of a Data Controller or Data Processors, with regard to the application of the Act outlined in Section 4 of the DPA.
- Receive, analyse and provide comments and recommendations on Data Protection issues affecting The Bahamas.
- Seek to ensure that privacy risks associated with specific programs and services are properly identified and that appropriate measures are taken to mitigate these risks.
- Develop a centre of expertise on emerging Privacy/Data protection issues at home and abroad.
- Research trends, monitor legislative and regulatory initiatives and provide analysis on key issues, including policies and positions that advance the position of the privacy rights of personal information.
- Identify legislation, new programmes and emerging technologies that raise privacy concerns, providing strategic advice and policy options.
- Draft discussion and/or position papers for public consumption on issues affecting privacy and personal briefing material for public speeches etc.
Public Education and Communication
- Promote the observance of good practice by Data Controllers within the requirements of the Act.
- Provide information to the public about the Legislation and how it works, and about relevant matters.
- Issue codes of practice for guidance as to good practice about Data Protection.
- Encourage the preparation and dissemination of Data Protection codes of practice by trade associations; consider codes submitted for review and ensure appropriate consultation, providing an opinion on the codes as to good practice.
- Discharge various functions relating to or arising from international obligations of The Bahamas, as regards Data Protection (privacy) issues.
- Plan and implement a number of public education and communication activities, including speaking engagements and special events, media relations, advertising, the production and dissemination of promotional and educational material. Clearly all of the above will not fall into place immediately, but it is anticipated that the framework will evolve over time.
Address and Contact Information:
The Office of the Data Protection Commissioner
31A Poinciana House
North Building
East Bay Street
Tel: (242) 604-1001
P.O. Box N-3017
Nassau, Bahamas
E-mail: dataprotection@bahamas.gov.bs
Opening hours: 9:00 am to 5:00 pm, Monday to Friday, except on public holidays.
- Bahamas Financial Services Board
- Council of Europe Data Protection
- Data Protection Commissioner of Ireland
- Information Commissioner’s Office
- OECD Privacy Policy Generator
- Office of the Privacy Commissioner
- Privacy Commissioner of Canada
- Privacy and Data Protection (UK)
- The Central Bank of the Bahamas
- The Compliance Commission
- US Department of Commerce Safe Harbor
- United States of America Federal Trade Commission: Privacy Initiatives