The National
Assembly on Wednesday December 10 unanimously sanctioned a bill seeking
to regulate the holding of personal data on computers and the disclosure
of such information by the users.
The Data Protection
Bill 2003 was presented by Vice-President James Michel in his capacity
as the Minister for Information, Technology and Communication. It
targets mainly organisations, both in the public and private sectors,
which keep personal data of their employees or other individuals on
computers, or computer bureaux that act as agents for other companies
and are involved in the processing of personal data.
VP Michel said the
bill was formulated on a model used in most Commonwealth countries and
was based on eight principles, namely that a person who uses data
containing personal information obtains it fairly and lawfully, holds
the data for specified purposes only and discloses it to specified
persons, ensures that the data is accurate and up to date, does not
retain the data longer than is necessary, does not allow persons about
whom the data is held to have access to it and if necessary to have the
information erased, and protects the data from unauthorised access,
alteration and destruction. The data, he said, must be about a person
who is still alive and can be identified.
The bill, VP Michel
said, made provision for the appointment of a Data Commissioner and
other officers who will implement and enforce the Data Protection Act
when it comes into force.
The Commissioner's
office will register personal data that organisations have on their
computers about their employees or other individuals, but without the
detailed information.
For instance, the
Commissioner will know that a certain company has the personal data
relating to the sex, address, education record or marital status of an
individual, without having access to the details.
The regulation also
prohibits the holding of unregistered personal data by organisations.
The Data Commissioner will also be empowered to prevent the transfer of
personal data out of Seychelles in certain circumstances.
Certain personal
data, such as those on payroll and accounts, information in connection
with statutory functions such as the voters' list, and personal
information about the physical or mental health of an individual, are
exempted from registration.
A person will also
be prohibited from accessing personal data for reasons of national
security, taxation, as well as for crime prevention and detection, and
criminal prosecution.
The maximum fine
for a person who contravenes the principles of the Data Protection Act
is R20,000.