Mobile Menu
Alerts

Bermuda Appoints Privacy Commissioner to Implement Data Protection Legislation

Bermuda has appointed its first Privacy Commissioner, a role established under the Personal Information Protection Act 2016 (PIPA). The new commissioner will be tasked with fully implementing the PIPA legislation. Certain sections of PIPA came into force in 2016, and this appointment is an important step in bringing the remaining operative provisions into force. Organisations that have not yet reviewed their obligations under PIPA would be well advised to do so now.

Alexander White, a US lawyer, has been appointed Privacy Commissioner with effect from 20 January 2020. He will be responsible for setting up the Privacy Commissioner’s Office, hiring and training staff, undertaking investigations, providing reports and developing public awareness of the rights of individuals and the obligations of organisations under PIPA.

PIPA sets out how organisations, businesses and the Bermuda Government may use personal information. It applies to every individual, entity or public authority that uses personal information in Bermuda, including non-profits. The legislation reflects a set of internationally accepted privacy principles and good business practices for the use of personal information in the digital age.

“Personal information” is defined as any information about an identified or identifiable individual. “Use” is defined very broadly and includes collecting, storing, disclosing, transferring and destroying information.

What obligations does PIPA impose?


PIPA imposes specific obligations on organisations that control the processing of personal information, including:

  • Every organisation must adopt suitable measures and policies to give effect to its obligations and to the rights of individuals as set out in PIPA. Organisations must provide individuals with a clear and easily accessible statement about their practices and policies with respect to personal information.

  • The measures and policies must be designed to take into account the nature, scope, context and purposes of the use of personal information and the risk to individuals of the use of the personal information.

  • Where an organisation engages the services of a third party in connection with the use of personal information, the organisation remains responsible for ensuring compliance with PIPA at all times (with additional requirements where an overseas third party is engaged).

  • Every organisation must designate a “privacy officer” for the purposes of compliance with PIPA. The privacy officer will have primary responsibility for communicating with the Privacy Commissioner.

 

To continue reading full articles in PDF format:
Bermuda Appoints Privacy Commissioner to Implement Data Protection Legislation

 


Julie E. McLean
Director

Bermuda   +1 441 299 4925


Andrew Barnes
Associate

Bermuda   +1 441 278 8054


Ben Adamson
Director

Bermuda   +1 441 298 7824


Accolades
_

"They understood the urgency and demanding nature of the deals that we were working on - they were very responsive and commercial, and worked with us to make it happen."
- Chambers Global