The Tribune

By NEIL HARTNELL

Tribune Business Editor

nhartnell@tribunemedia.net

THE Bahamas must develop a National Cyber-crime Strategy otherwise its plans to become a ‘technology hub’ will be “gravely affected”, the Attorney General’s Office has warned.

Rashif Duncombe, a consultant in the Government’s ‘law chambers’, said the Bahamas needed to strengthen numerous areas - including intellectual property laws and the Data Protection Commissioner’s Office - and develop a National Digital ICT Strategy to achieve a key Government objective.

His January 15, 2018, report, which responded to the recommendations from the Government-appointed Grand Bahama Technology Hub Steering Committee, indicate this nation has much work ahead of it to create the legal, regulatory and enabling environment to attract such companies to the Bahamas.

The Committee, based on its own report, appears to have been working to a very ambitious timetable that included starting to promote Grand Bahama “as a hub for technology companies” by “no later than February 15” this year. The “drafting of required legislation, framing of public policy and deployment of required systems and infrastructure” was targeted for “no later than” March 15, with the legislation passed by Parliament in early May 2018. International trade missions to promote the Bahamas “as an ideal location to start and grow a technology company”, according to the committee’s aggressive schedule, were to begin just two weeks later.

But Mr Duncombe’s recommendations warned: “The focus of the Steering Committee is focused on development of ICT (information and communications technology) sector activity in the island of Grand Bahama. However, the achievement of these goals will be difficult if there is no nationally embraced enabling policy and regulatory environment.”

He suggested the creation of a National Digital ICT Strategy to “chart the course forward”, identifying priorities and “clusters of stakeholders” that would drive the technology sector’s expansion, as well as analyse the ‘enabling environment’s ability to attract such investment.

The Attorney General’s Office also called for existing industries that are heavily technology-reliant, such as financial services, to be engaged in the ‘hub’ discussions given that they were potentially “a dynamic partner” in the mission.

“It is recommended that while developing our National ICT Strategy we also consider developing a National Cyber-crime Strategy, which will have a symbiotic relationship with the National ICT Strategy,” Mr Duncombe told the Committee.

“From the perspective of cyber criminal activity there are several types of crime which will need to be reconciled in our criminal laws, [and] which will gravely affect the development of the proposed sector if not addressed at the outset.

“It also signals to investors that we are taking the development of the new sector seriously if we incorporate relevant offences into our penal laws when launching the new sector.”

Mr Duncombe’s recommendations emphasised that data and related intellectual property rights were “an emerging asset class among investors (in the fields of Analytics and Artificial Intelligence) and therefore introduce new forms of risk and vulnerabilities”.

His warning appears especially timely given the current global controversy that has knocked billions of dollars off Facebook’s share price, amid allegations that Cambridge Analytica, a data analysis firm, illegally mined the data of some 50 million users to aid political campaigns in the US and elsewhere.

Mr Duncombe warned that the Bahamas’ national cyber-crime strategy needed to incorporate such crimes into its criminal laws, with “stiff penalties” for violators. At-risk data and information needed to be properly classified, with an ‘incident management strategy’ developed for e-government.

Given the importance of cross-border data flows, and the need to safeguard this information, the Attorney General’s Office consultant called for the Data Protection Commissioner’s role to be strengthened as part of the Bahamas’ technology hub strategy.

“Presently, the office of the Data Protection Commissioner serves as a local administrative moderator for the e-level of data transfer, use and control within the local economy, and this is not sufficient in terms of monitoring and ensuring compliance with data protection laws in the context of increasing cross border data flows,” Mr Duncombe warned.

“Investors are always concerned about their assets when they enter new markets, and in the digital economy data is a very valuable asset. We may note the recent hacking of cryptocurrency exchanges internationally, accumulating to losses of hundreds of millions of dollars in investment capital.

“Cyber security policies and strong intellectual property protection provides one level of protection for investors, but ever increasingly the importance of data to conducting cross-border transactions will require stronger data protection laws and rules for data controllers and users in our territory. Central to this effort is improving the regulatory powers of the Office of the Data Commissioner.

“The pragmatic approach to improving our laws and regulations in this regard will require re-evaluating the framework for data protection to enhance the function and perspective of the Data Commissioner in protecting the digital business environment.”

This, Mr Duncombe wrote, will require the Bahamas to implement global best practices and “expand data rights” to incorporate the transfer of confidential and corporate trade data, as well as broaden the ‘rules of consent’ for information transfer.