Bermuda’s Personal Information Protection Act (PIPA) received Royal Assent on July 27, 2016, Ministerial statement and Personal Information Protection Act 2016.
The PIPA outlines the requirements for organisations that use personal information, as well as the rights that individuals have regarding the use of their personal information by organisations. This legislation, which follows international best practice, applies to all organisations, businesses and the government that use personal information in Bermuda. While organisations require the use of personal information to provide services, it is important that individuals have control over their information and how it is used and shared. Privacy legislation is also critical in the digital age. It plays a major role in the development of a country’s cybersecurity framework and is a key driver for a successful digital economy.
The PIPA will not come into force until approximately the end of of 2018. The UK, by way of comparison, has has a Data Protection Act since 1984.
For more information: ictpolicy@gov.bm
Act: Personal Information Protection Act 2016 (1)
An ‘independent’ Privacy Commissioner will be appointed.
In light of the ‘Bermuda Hack’, the ‘Paradise Papers’, possibly it is time for Bermuda to concentrate on data security