Mobile Menu

Understanding PIPA: The Role and Requirements of Privacy Officers

In a four-part series, Conyers continues its series on different topics relating to Bermuda’s privacy legislation, including: why we need privacy legislation and its purpose, how do we prepare for PIPA and what are our rights as individuals? In this third part, Conyers discusses the role and requirements of privacy officers.

Getting ready for PIPA may seem daunting — PIPA being Bermuda’s new(ish) privacy legislation, the Personal Information and Protection Act 2016. While we continue to await publication of the date that PIPA’s obligations will come into force, many organisations are wisely already underway with their preparations. Someone who could, and should, be crucial to the preparatory tasks is an organisation’s privacy officer. In this third part of the Conyers PIPA series, we discuss the role and requirements of this position.

Do all organisations need a privacy officer?

By way of recap, we set out some questions in the second part of the Conyers PIPA series to help establish whether or not PIPA applies to an organisation. In brief, PIPA applies to all organisations that use personal information in Bermuda where that personal information is used wholly or partly by automated means and/or forms part of a structured filing system.

If PIPA does apply to the organisation then the answer is ‘yes’, it must appoint a privacy officer. It is a mandatory requirement, with no exceptions.


To continue reading full articles in PDF format:
Understanding PIPA: The Role and Requirements of Privacy Officers


Julie E. McLean

Bermuda   +1 441 299 4925

Andrew Barnes

Bermuda   +1 441 278 8054

Sarah Blair

Bermuda   +1 441 279 5335

This article was first published in The Royal Gazette.


"I enjoy working with them - they are very dependable, reliable and responsive."
- Chambers Global