What Information is Exempt from Data Protection Law?

Some types of information are exempt from data privacy and protection regulation. These include the following:

  • business information such as your company’s email addresses (as long as the address doesn’t include someone’s name, as john.richek@yourcompany.com does);

  • your company’s financial statements;

  • paper records that aren’t intended to be kept as part of a filing system; and

  • information that you use for purely personal, family or household purposes. Note that PIPA refers to information collected, used and stored for business purposes or in a business context.

Consider this:

  1. An individual’s resume will clearly identify them as a person. It includes a person’s contact details, their past employment history, and personal interests.

  2. Internal payroll records can link a named employee to their social security number, bank account details and earnings.

  3. Customer contact details may reveal who someone is, where they live, their email address, telephone number and what product or service they purchased from you.

These records reveal the identity of an individual and may include additional information connected to them. Personal information must be handled in compliance with data privacy and protection laws; in Bermuda, the regulation is the Personal Information Protection Act (PIPA 2016).

Value-add tip:

Keep business information separate from personal files, such as birthday reminders, family celebrations and personal finances. This will help you prioritize the information that could be subject to data privacy and protection obligations over information that may be exempt.