Data Protection Act

Privacy – Personal Information Protection Act (PIPA) – Whilst many countries recognize the right to informational privacy, or the right to protect their personal information, as an important human right and have developed laws to protect individuals’ personal information, Bermuda remains slow to put such legislation in place.

Bermuda’s Personal Information Protection Act (PIPA) received Royal Assent on July 27, 2016, Ministerial statement and Personal Information Protection Act 2016.

The PIPA outlines the requirements for organisations that use personal information, as well as the rights that individuals have regarding the use of their personal information by organisations. This legislation, which follows international best practice, applies to all organisations, businesses and the government that use personal information in Bermuda. While organisations require the use of personal information to provide services, it is important that individuals have control over their information and how it is used and shared. Privacy legislation is also critical in the digital age. It plays a major role in the development of a country’s cybersecurity framework and is a key driver for a successful digital economy.

The PIPA will not come into force until approximately the end of of 2018. The UK, by way of comparison, has has a Data Protection Act since 1984.

For more information:

Act: Personal Information Protection Act 2016 (1)

An ‘independent’ Privacy Commissioner will be appointed.

In light of the ‘Bermuda Hack’, the ‘Paradise Papers’, possibly it is time for Bermuda to concentrate on data security