BER DP Full PIPA Implementation


On Jun. 16, BER DP issued official date of full PIPA implementation.


  • BER DP issued date of full Personal information protection act (PIPA) implementation.
  • PIPA received royal assent in 2016; the law will be brought into full effect Jan. 1, 2025.
  • Document dated Jun. 16, 2023, was added on Sep. 6, 2023 due to editorial backfill.
  • Background
  • PIPA was partially enacted in 2016, enabling appointment of the Privacy Commissioner and creation of BER DP (Office of the Privacy Commissioner for Bermuda, PrivCom).
  • Act sets out a comprehensive regime to protect a broad range of personal information.
  • In Jul. 2023, BER GVT also passed Personal information protection amendment act, to harmonize PIPA with Public access to information act 2010 (PATI) legislation #176562.
  • PIPA Full Implementation
  • The commencement date for the remaining clauses of PIPA will be Jan. 1, 2025.
  • Firms that use personal data have 18 months to prepare for full PIPA implementation.
  • BER DP will guide organisations with a phased action plan, continue to issue guidance.
  • Will also publish a comprehensive guide to PIPA, and other guidance on specific topics.
  • Specific topics include what privacy means in employment context; individuals' rights.
  • BER DP highlighted that it works closely with regulatory partners around the world.
  • Such as UK, Canada, US, to ensure consistency, interoperability with requirements.
  • Starting on data privacy week in Jan. 2024, BER DP will provide the community with specific goals and actions to take each month as part of a phased action plan.
  • Aug. 2023 BER DP PIPA Website
  • On Aug. 15, 2023, BER DP reported rollout of new data privacy informational website.
  • In preparation for full implementation of Personal information protection act (PIPA).
  • This first phase of the new PIPA website launch will be targeted towards organizations.
  • A full guide to PIPA is made available, highlighting legislation elements and helpful guidance for organizations relating to their obligations and compliance under PIPA.
  • The organizations’ hub will feature specifically dedicated small business information.
  • It will also assist users in determining whether their query is, in fact, privacy related.
  • Oct. 2023 BER DP Global Privacy Assembly
  • On Oct. 18, 2023, BER DP announced 45th Global Privacy Assembly, and discussed the latest in technology, including AI, algorithmic programming, automation, blockchain.
  • Also addressed the metaverse, big data analysis and cross-border data transfers.
  • Technological advancements must consider privacy and safety of personal information.
  • Bermuda aiming to become a host for data servers, and must ensure data safety.
  • PIPA update to give comprehensive protection for individuals, international privacy principles, economic interests, regulatory regime consistent with Bermuda business.
  • Document dated Oct. 18, 2023, was received on Nov. 8, 2023, due to a fixed feed.
  • Jan. 2024 BER DP Road to PIPA
  • On Jan. 29, 2024, BER DP launched Road to PIPA during Data Privacy Week (DPW).
  • Jan. 1, 2025 will mark the official implementation date for the PIPA, and Road to PIPA will assist organizations with guidance on how to become compliant with the Act.
  • Representatives from the business community and the public sector signed an intent statement to commit to protecting the personal information of individuals in Bermuda.
  • Generally relied on individuals and their corresponding organizations to conduct themselves, handle data in a manner that supports policy and professional practice.
  • PIPA intended to ensure the same conduct via a series of express statutory obligations.
  • Mar. 2024 BER DP Update
  • On Mar. 11, 2024, BER DP issued guidance on certain exclusions from PIPA.
  • No compliance will be required for uses of personal information for personal or domestic purposes, for artistic, literary, journalistic purposes with a view to publication.
  • Also excludes application to the use of business contact information for purpose of contacting an individual in their capacity as employee or official of an organization.
  • Further, PIPA does not apply to personal information about a person who has been dead for at least 20 years, or information about a person that has been in existence for at least 150 years.
  • No application to personal information transferred to an archive, data in a court file, or used by a member of Assembly or Senate in the exercise of his/her political function.

Regulators BER DP
Entity Types CNSM; Corp
Reference PR, 3/11/2024; PR, 1/29/2024; PR, 10/18/2023; PR, 8/15/2023; PR, 6/16/2023; PIPA (BER);
Functions Compliance; Legal; Operations; Privacy; Record Retention; Technology
Countries Bermuda
Category
State
Products Corporate
Regions Am
Rule Type Final
Rule Date 6/16/2023
Effective Date 1/1/2025
Rule Id 183940
Linked to Rule 176562
Reg. Last Update 3/11/2024
Report Section International

Last substantive update on 03/12/2024