Barbados
Definition of Data
Data means 'representations of information or of concepts that are being prepared or have been prepared in a form suitable for use in a computer'.
Main Focus of Document
cater to economic, societal, environmental and global needs.
Target Beneficiaries or Sector
consumers, vendors, public sector
Key Elements
Makes provision for all forms of electronic transactions and matters connected to such transactions. Also provides for data protection and privacy and for the relevant Minister to make regulations that are necessary for the processing of data whether in Barbados or outside of Barbados. Notable sections include:
Electronic signature
8. (1) Where the law requires the signature of a person, that requirement is met in relation to an electronic record if:
(a) a method is used to identify that person and to indicate that person’s approval of the information in the electronic record; and
(b) that method is as reliable as is appropriate for the purpose for which the electronic record was generated or communicated, in the light of all the circumstances, including any relevant agreement.
(2) An electronic record that meets the requirements of paragraphs (a) and (b) of subsection (1) shall not be denied legal effect, validity and enforceability solely on the ground that it is an electronic signature.
(3) Subsection (1) applies whether the requirement for a signature is in the form of an obligation or the law provides consequences for the absence of a signature.
Restrictions on disclosure of information
22. (1) Subject to this Part, no information that:
(a) has been obtained under or by virtue of the provisions of this Act, and
(b) relates to the private affairs of a natural person or to any particular business shall, during the lifetime of that person or as long as that business continues to be carried on, be disclosed without the consent of that natural person or the person for the time being carrying on that business.
(2) Subsection (1) does not apply to any disclosure of information which is made
(a) for the purpose of facilitating the carrying out of any functions under Part IV;
(b) for the purpose of facilitating the carrying out of prescribed public functions of any persons;
(c) in connection with the investigation of any criminal offence or for the purposes of any criminal proceedings;
(d) for the purposes of any civil proceedings that:
(i) relate to the provision of certification or accreditation services, and
(ii) are proceedings to which a person authorized in accordance with the provisions of Part IV is a party.
(3) In subsection (2)(b) “public functions” includes any function conferred by or in accordance with any provision contained in or made under any enactment.
(4) If information is disclosed to the public in circumstances in which the disclosure does not contravene this section, this section shall not prevent its further disclosure by any person.
(5) Any person who discloses any information in contravention of this section is guilty of an offence and is liable:
(a) on summary conviction, to a fine of $10 000;
(b) on conviction on indictment, to imprisonment for a term of 2 years or to a fine of $10 000 or to both.
(6) The Minister may make regulations prescribing standards for the processing of personal data whether that data originates within or outside of Barbados.
(7) The regulations may provide for:
(a) the registration of the standards by data controllers and data processors;
(b) the establishment of a register that is available for public inspection, showing particulars of data controllers and data processors who have registered the standards and the dates thereof and the countries in respect of which the registration applies;
(c) the application of the standards to those countries specified in the regulations; and
(d) different standards to be applied in respect of personal data originating from different countries.
(8) A data controller or data processor who registers a standard referred to in subsection (6) must comply with the standard and any amendments made to that standard in respect of any personal data that:
(a) originates from a country to which the standard applies; and
(b) is collected by the data controller during the period of registration.
(9) A data controller or data processor who contravenes subsection (8) is guilty of an offence and is liable on summary conviction to imprisonment for a term of 6 months or to a fine of $5 000 or to both.
Policy/Regulation Mirrors
n/a