Cyber Law at Bahamas
The Bahamas has established a comprehensive legal framework to address cybercrime and data protection, primarily through the Computer Misuse Act (CMA) and the Data Protection (Privacy of Personal Information) Act.
Computer Misuse Act (CMA), 2003
Enacted on November 4, 2003, and effective from April 6, 2004, the CMA criminalizes various cybercrimes, including:
Unauthorized access to computer material: Accessing computer systems without permission.
Access with intent to commit an offense: Gaining access to facilitate further criminal activities.
Unauthorized modification of computer material: Altering or erasing data without authorization.
Unauthorized use or interception of computer services: Using or intercepting computer services without consent.
Unauthorized obstruction of computer use: Preventing or hindering the use of computer systems.
Unauthorized disclosure of access codes: Revealing passwords or other access credentials without authorization.
The CMA also includes provisions for enhanced penalties when offenses involve protected computers, such as those related to national security or critical infrastructure. Notably, the Act has extraterritorial application, allowing Bahamian courts to prosecute offenses committed outside the country if the offense involves a computer, program, or data located within The Bahamas at the time of the offense.
Data Protection (Privacy of Personal Information) Act, 2003
This Act governs the collection, processing, and storage of personal data in The Bahamas. Key provisions include:
Lawful and fair collection: Personal data must be collected lawfully and fairly.
Accuracy and relevance: Data should be accurate, up-to-date, and relevant to its purpose.
Purpose limitation: Data must be kept for specified, legitimate purposes and not used in ways incompatible with those purposes.
Data subject rights: Individuals have the right to access, correct, or erase their personal data.
Security measures: Data controllers must implement appropriate security measures to protect personal data.
Enforcement and penalties: Violations can result in fines up to BSD 100,000, with continuing violations attracting additional penalties. Serious offenses may lead to criminal prosecution.
RELATED Blog
0 comments