Understanding PIPA: Defining its Scope and Starting to Prepare

In a four-part series, Conyers will be diving into different topics relating to Bermuda’s privacy legislation, including: why we need privacy legislation and its purpose, how do we prepare for PIPA, the role and requirements of privacy officers, and what are our rights as individuals? In this second part, Conyers discusses to whom PIPA applies and what organisations can do to prepare for its implementation.

In the first part of this series we discussed why data and privacy legislation has developed and its purpose. We also provided a brief introduction to Bermuda’s privacy legislation, the Personal Information Protection Act 2016 (“PIPA”). While the substantive provisions of PIPA have not yet come into force, and we do not yet have a date for implementation, many organisations have already begun the process of getting “PIPA-prepared”. Indeed, the Privacy Commissioner and his team have been providing helpful community outreach and guidance to assist with this process. However, it understandably remains a challenge to know where to begin.

Before being able to establish any privacy program, an organisation needs to first understand whether PIPA applies to it and what personal information it is holding or has control over. Essentially they need to conduct an “information inventory”. This is not as scary as it sounds but does require management to consider a number of factors.

 

To continue reading full articles in PDF format:
Understanding PIPA: Defining its Scope and Starting to Prepare

 

---

---

---

---

This article was first published in The Royal Gazette.