ABOUT THE OFFICE
The Office of the Privacy Commissioner for Bermuda was established as an independent public office in accordance with the Personal Information Protection Act 2016 (PIPA). The mandate of the Privacy Commissioner is to regulate the use of personal information by organisations in a manner which recognizes both the need to protect the rights of individuals in relation to their personal information and the need for organisations to use personal information for legitimate purposes, among other duties.
MEET THE COMMISSIONER
Alexander McD White
Commissioner White has served as Bermuda's first Privacy Commissioner since January 2020. He is a lawyer qualified to practice law in the United States and a former US federal privacy adviser and IAPP Advisory Board member, with experience working in the insurance industry and managing a state government's privacy program.
He holds a variety of privacy, legal, cybersecurity, and risk management qualifications and is a two-time graduate of the University of Georgia (US).
ABOUT OUR SYMBOLS
One of the many things that Bermuda is famous for is its window shutters. These distinctive blinds are a wonderful metaphor for privacy: you can choose whether you want them to be open to the world or more closed depending on your comfort level or daily needs.
As an iconic symbol of Bermuda and privacy, these blinds are the inspiration for the logo of the Office of the Privacy Commissioner.
Bermuda's national motto, Quo Fata Ferunt, comes from the Aeneid. Like the first Bermudians, Virgil's Trojans found themselves shipwrecked. Considering what to do next, they decided that wherever the Fates may take them, they will follow and persevere.
With a cheeky, one-letter adjustment to "Quo Data Ferunt" the Office of the Privacy Commissioner commits to following wherever the data may lead and to persevering in the protection of individuals' rights and freedoms.
For more on the island's crest and motto, see: "Lot more to our Island’s motto" by George L Cook.
Inspired by the natural beauty of standing at the Bermudian shore, the Office of the Privacy Commissioner adopted as its colours the pink of wet sand, the teal of shallow bays, and the deep blue of the Sargasso Sea.
Rights and responsibilities relating to data privacy are set out in the Personal Information Protection Act 2016 (PIPA). Bermuda's PIPA received Royal Assent on 27 July 2016. Sections relating to the appointment of the Privacy Commissioner were enacted on 2 December 2016, including the creation of the Office as well as those duties and powers relevant to its operation in the period leading up to the implementation of the whole Act. The Commissioner also works to facilitate the advancement of consequential amendments to other Acts in order to harmonise them with PIPA.
The Office of the Privacy Commissioner for Bermuda (PrivCom) is an independent supervisory authority established in accordance with the Personal Information Protection Act 2016 (PIPA).
The mandate of the Privacy Commissioner is to regulate the use of personal information by organisations in a manner which recognizes both the need to protect the rights of individuals in relation to their personal information and the need for organisations to use personal information for legitimate purposes, among other duties.
The Privacy Commissioner's powers and responsibilities include supervising the processing of personal information by both private- and public-sector organisations, investigating compliance with PIPA, issuing guidance and recommendations, liaising with other enforcement agencies, and advising on policies and legislation that affect privacy. PrivCom also works to raise awareness and educate the public about privacy risks, and to protect people’s rights and freedoms when their personal data is used. The general powers of the Privacy Commissioner are outlined in section 29 of PIPA.
Alexander White (Privacy Commissioner) was appointed by H.E. the Governor of Bermuda, after consultation with the Premier and Opposition Leader, to take office on 20 January 2020.
Privacy is the right of an individual to be left alone and in control of information about oneself. In addition to the protections in PIPA, the right to privacy or private life is enshrined in the United Nations' Universal Declaration of Human Rights (Article 12) and the European Convention on Human Rights (Article 8).
"Personal information" or data is a defined term in PIPA that means any information about an an identified or identifiable individual. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. "Sensitive personal information" is a defined term in PIPA that includes information relating to such aspects as place of origin, race, colour, sex, sexual life, health, disabilities, religious beliefs, and biometric and genetic information. (Note: This is not a complete list.)
"Use" of personal information is a defined term in PIPA that means "carrying out any operation on personal information, including collecting, obtaining, recording, holding, storing, organising, adapting, altering, retrieving, transferring, consulting, disclosing, disseminating or otherwise making available, combining, blocking, erasing or destroying it."