top of page
Page Top


In a seashell

  • PIPA sets out exemptions from some of the rights and obligations in some circumstances.

  • Whether or not you can rely on an exemption often depends on why you use personal information.

  • You should not routinely rely on exemptions; you should consider them on a case-by-case basis.

  • You should justify and document your reasons for relying on an exemption.

  • If no exemption covers what you do with personal information, you need to comply with PIPA as normal.


Exemptions: checklist

☐ We consider whether we can rely on an exemption on a case-by-case basis.

☐ Where appropriate, we carefully consider the extent to which the relevant PIPA requirements would be likely to prevent, seriously impair, or prejudice the achievement of our processing purposes.

☐ We justify and document our reasons for relying on an exemption.

☐ When an exemption does not apply (or no longer applies) to our processing of personal information, we comply with PIPA requirements as normal.


Organisations ask


What are exemptions?

In some circumstances, PIPA provides an exemption from particular PIPA provision. If an exemption applies, you may not have to comply with all the usual rights and obligations.


There are several different exemptions; these are detailed in Part 4 of PIPA.


The exemptions in PIPA can relieve you of some of your obligations for things such as:

  • the right to be informed

  • the right of access

  • dealing with other individual rights

  • reporting personal information breaches

  • complying with some of the principles.


Some exemptions apply to only one of the above, but others can exempt you from several things.


Under PIPA, a number of exclusions are listed at section 4. In practice they work a bit like an exemption. Here are some examples of exclusions:

  • Domestic purposes: personal information processed in the course of a purely personal or household activity, with no connection to a professional or commercial activity, is outside PIPA’s scope. This means that if you only use personal information for such things as writing to friends and family or taking pictures for your own enjoyment, you are not subject to PIPA.

  • Artistic, literary, or journalistic purposes: personal information used for these purposes with a view to publication in the public interest in so far as is necessary to protect the right to freedom of expression is outside PIPA’s scope.

  • The use of business contact information for the purpose of contacting an individual in their capacity as an employee or official of an organisation is outside PIPA’s scope.

  • The use of personal information transferred to an archival institution where access to the personal information was unrestricted or governed by an agreement between the archival institution and the donor of the personal information before the coming into operation of this Act is outside PIPA’s scope.

  • The use of personal information contained in a court file and used by a judge or competent authorities for law enforcement purposes is outside PIPA’s scope (e.g., the Police investigating a crime).

  • The use of personal information contained in a personal note, communication or draft decision created by or for an individual who is acting in a judicial, quasi-judicial or adjudicative capacity is outside PIPA’s scope.

  • The use of personal information used by a member of the House of Assembly or the Senate where such use relates to the exercise of his political function and the personal information is covered by parliamentary privilege is outside PIPA’s scope.

How do exemptions work?

Whether or not you can rely on an exemption generally depends on your purposes for processing personal information.


Some exemptions apply simply because you have a particular purpose. But others only apply to the extent that complying with PIPA would:

  • be likely to prejudice your purpose (e.g., have a damaging or detrimental effect on what you are doing); or

  • prevent or seriously impair you from processing personal information in a way that is required or necessary for your purpose.

Exemptions should not routinely be relied upon or applied in a blanket fashion. You must consider each exemption on a case-by-case basis.


If an exemption does apply, sometimes you will be obliged to rely on it (for instance, if complying with PIPA would break another law), but sometimes you can choose whether or not to rely on it.


In line with the accountability principle, you should justify and document your reasons for relying on an exemption so you can demonstrate your compliance.


If you cannot identify an exemption that covers what you are doing with personal information, you must comply with PIPA as normal.

What exemptions are available?

National security exemption

Communication provider exemption

Regulatory activity and honours exemption

General exemption

Use of personal information by organisations in Bermuda

Depending on how an organisation uses personal information, there are three basic levels of privacy programme compliance with PIPA:

  • Full compliance, meaning PIPA applies fully to how an organisation uses personal information.

  • Partial exemption for uses of personal information that are exempt under sections 22 (National security exemption), 24 (Regulatory activity and honours exemption) and 25 (General exemption). Uses of personal information are usually only exempt from provisions of PIPA to the extent that PIPA would interfere with the intended purpose. The minimum requirements still apply.

  • No compliance is required for uses of personal information that are excluded under section 4 Exclusions.


For more information, see our Guidance note on the use of personal information by organisations.

bottom of page