Bermuda Businesses: Are You Ready To Comply With Our New Privacy Rules?

Published date02 March 2023
Subject MatterCorporate/Commercial Law, Privacy, Compliance, Corporate and Company Law, Privacy Protection
Law FirmAppleby
AuthorDuncan Card

There have been recent indications from the Bermuda Government that Bermuda's Personal Information Protection Act 2016 ("PIPA") may come into full force this year.

Since PIPA was enacted in 2016, the Government of Bermuda and the Privacy Commissioner have been developing the Office of the Privacy Commissioner, organising administrative resources, and educating the public and businesses who collect and use personal information of their respective rights and obligations under PIPA. That is a good thing, because there is a lot for businesses to address.

In many ways, PIPA is one of Bermuda's few consumer rights laws and it is one that imposes onerous operational and administrative obligations that will be overseen by the experienced regulatory office of the Privacy Commissioner, Alexander White.

Given the recent indications that PIPA may be brought into full force this year, even if only on a sector by sector basis and perhaps with a compliance grace period, the questions for all businesses that collect and use personal information include:

  • Are you administratively ready to fully comply with PIPA?
  • How will you secure the consent necessary to collect and use personal information?
  • How will you manage communications with individuals who want to see a copy of all personal information that you have about them?
  • How will you manage their requests for corrections to, or deletions of, their personal information?
  • To what extent must you revise your outsourcing, IT service contracts, and data processing service agreements?
  • Are you organised to comply with an individual's direction for you to stop using their personal information?

As a result of the many rights that PIPA bestows on individuals, organisations must ensure that all of their business processes, customer relations programmes, data management systems and administrative processes are compliant with the practices, protections, and use restrictions that PIPA will soon impose on them.

Just as other organisations who are subject to similar privacy laws around the world have done, Bermuda organisations will have to review all of their current business processes and assess to what extent must they now be revised to ensure PIPA-compliant practices.

It is the common failure of businesses across all privacy jurisdictions when privacy laws are first introduced to appreciate the profound nature of how PIPA will impact many of their internal business operations. For example, in addition to the questions posed above, are...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT