
Lead-in to Pipa law is not too lengthy

Duncan Card: Appleby partner who specialises in IT and outsourcing contracts, privacy law and cybersecurity compliance in Bermuda (Photograph supplied)

Last Friday in the House of Assembly, the Government introduced amending legislation required to bring Bermuda’s 2016 privacy laws into effect on January 1, 2025. That may seem like a long ramp-up period to some, but it is not.

Bermuda’s Personal Information Protection Act 2016 sets out a comprehensive regime to protect a broad range of personal information, including information – among all other details about an identified or identifiable individual – that may disclose an individual’s address and contact information, family status, financial circumstances, and their physical and mental health.

As important as it is for many organisations and businesses to use and rely upon personal information to carry on business, it is also vital to ensure that such information is protected and not wrongfully exploited.

In order for international business in Bermuda to use personal information from foreign jurisdictions, Pipa will, in part, create a “safe harbour” for the cross-border flow and use of such data in Bermuda.

Therefore, organisations that use any form of personal information in Bermuda must use the time between now and January 1, 2025 to:

• Understand both the privacy rights of individuals and the obligations and requirements of their organisations under Pipa

• Develop a critical path to adopt and implement the compliance measures and policies that will be required

• Train their personnel in the systems, activities and procedures that must soon be adopted and implemented to ensure their compliant use of personal information

Many organisations have diligently begun that compliance development process and will benefit from their head start. Others, some of whom have complex operations that are highly dependent on personal information, now have a fixed date for compliance that will likely be motivational.

Friday’s introduction of Pipa’s amending legislation was just the beginning of Pipa’s implementation. Although those amendments are designed to harmonise Pipa with the laws that allow the public to access government information, the Electronic Transactions Act 1999 also contains various privacy provisions that I suspect may also require some harmonisation in the months ahead.

Perhaps one of the greatest benefits that the 18-month lead time will provide is the time that it will afford the Privacy Commissioner to publish his much-anticipated Guide to Pipa that was announced last week, and that is promised to contain “dozens of pages of tips, checklists and other pieces of advice” that will provide welcome compliance guidance to encourage and facilitate Pipa preparedness.

Duncan Card is a partner at Appleby who specialises in IT and outsourcing contracts, privacy law and cybersecurity compliance in Bermuda. A copy of this column can be obtained on the Appleby website at www.applebyglobal.com. This column should not be used as a substitute for professional legal advice. Before proceeding with any matters discussed here, persons are advised to consult with a lawyer.


Published June 22, 2023 at 7:57 am (Updated June 22, 2023 at 10:01 am)
