The Electronic Communications and Transactions Act came into force in June, 2003. This Act, says the Ministry of Finance, is vital to creating the environment for legal certainty necessary to instill confidence in online commercial activity, particularly global commercial activity.
The Act sets out a series of functional equivalency provisions which enforce the basic principle that due legal recognition will be accorded to an electronic message, signature, writing and contract on the same basis as such features would be recognized in a paper based environment and that there would be no discrimination against a transaction solely because it was conducted via an electronic medium. It also allows parties to use electronic devices to form, negotiate and conclude contracts and other legally binding agreements.
Exemptions include disposition of property, testamentary dispositions, negotiable instruments, enduring powers of attorney and court documents.
The Act is technology neutral, recognizing that technologies will continue to evolve. And unlike other jurisdictions, the Act does not prescribe the type or method to be used to generate an electronic contract, signature or method of authenticating the communication so long as the necessary attributes are met by electronic means.
Additionally the Act sets out the duties and the extent of liability of e-commerce service providers and similar intermediaries such as webhosts and Internet Service Providers.
The Misue of Computers Act also came into effect in June 2003. It creates a series of offences arising out of the unlawful interference with computers and computer systems. There are six different offenses, including hacking in all its guises, based on standards and guidelines that have been established by the European Council and the Organization for Economic and Co-operative Development (OECD) and which have been adopted by nearly 30 countries, primarily within the developed world. These offences do not currently exist in the penal framework of the Bahamas and are vitally important as a deterrent to wanton or negligent security breaches of computer systems. Recognising the critical nature of information systems and the catastrophic consequences breaches of such may have, as in the case of hacking or the release of viruses, penalties under the Bill are relatively severe.
The Data Protection Act, also passed in June, has yet to come into effect. It implements privacy principles established by the OECD under its guidelines that protect the privacy and transferred flows of personal data.
Consistent with the OECD's principles on Privacy, the Act requires that information should be obtained by fair and lawful means and used in a manner consistent with that for which it has been collected. The Act enables individuals to require persons who collect and use data to abide by standards of confidentiality in respect of such data and to provide individuals with information kept on them upon request. Of particular importance to e-commerce is the prohibition against the transfer of data to jurisdictions with inadequate data protection laws in place except with the data subject's consent.
The Act establishes an independent Office of Data Commissioner who has responsibility for enforcement of the data protection laws, but by 2006 no Commissioner had been appointed.
A transitional period was provided for to allow collectors and users of data to make the necessary adjustments to their systems to enable them to respond to a request from a data subject. This transitional period was one year in the case of the private sector and five years in the case of the public sector.