Mobile Menu

Understanding PIPA: Defining its Scope and Starting to Prepare

In a four-part series, Conyers will be diving into different topics relating to Bermuda’s privacy legislation, including: why we need privacy legislation and its purpose, how do we prepare for PIPA, the role and requirements of privacy officers, and what are our rights as individuals? In this second part, Conyers discusses to whom PIPA applies and what organisations can do to prepare for its implementation.

In the first part of this series we discussed why data and privacy legislation has developed and its purpose. We also provided a brief introduction to Bermuda’s privacy legislation, the Personal Information Protection Act 2016 (“PIPA”). While the substantive provisions of PIPA have not yet come into force, and we do not yet have a date for implementation, many organisations have already begun the process of getting “PIPA-prepared”. Indeed, the Privacy Commissioner and his team have been providing helpful community outreach and guidance to assist with this process. However, it understandably remains a challenge to know where to begin.

Before being able to establish any privacy program, an organisation needs to first understand whether PIPA applies to it and what personal information it is holding or has control over. Essentially they need to conduct an “information inventory”. This is not as scary as it sounds but does require management to consider a number of factors.


To continue reading full articles in PDF format:
Understanding PIPA: Defining its Scope and Starting to Prepare


Julie E. McLean

Bermuda   +1 441 299 4925

Andrew Barnes

Bermuda   +1 441 278 8054

Sarah Blair

Bermuda   +1 441 279 5335

This article was first published in The Royal Gazette.


"I enjoy working with them - they are very dependable, reliable and responsive."
- Chambers Global