Key Definitions
​
Who does PIPA apply to?
​
PIPA applies to every organisation that uses personal information in Bermuda.
​​
If you are an organisation, PIPA places specific legal obligations on you; for example, you are required to maintain records of personal information and processing activities. You will have legal liability if you are responsible for a breach.
​
If you are an organisation, you are not relieved of your obligations where an overseas third party is involved – PIPA places further obligations on you to ensure your contracts with overseas third parties comply with PIPA.
​
PIPA as a whole or some sections does not apply to certain activities including processing covered by law enforcement, use of personal information for national security purposes and use of personal information for artistic, literary, or journalistic purposes with a view to publication in the public interest, or personal or domestic purposes.
​
Depending on how an organisation uses personal information, there are three basic levels of privacy programme compliance with PIPA:
-
Full compliance, meaning PIPA applies fully to how an organisation uses personal information.
​
-
Partial exemption for uses of personal information that are exempt under sections 22 (National security exemption), 24 (Regulatory activity and honours exemption) and 25 (General exemption). Uses of personal information are usually only exempt from provisions of PIPA to the extent that PIPA would interfere with the intended purpose. The minimum requirements still apply.
​
-
No compliance is required for uses of personal information that are excluded under section 4 Exclusions.
For more information, see our Guidance note on the use of personal information by organisations in Bermuda.
What is privacy?
​
​Privacy is the right of an individual to be left alone and in control of information about oneself. In addition to the protections in PIPA, the right to privacy or private life is enshrined in the United Nations' Universal Declaration of Human Rights (Article 12) and the European Convention of Human Rights (Article 8).
What are the minimum requirements?
​
“Minimum requirements” means the requirements of sections 5 (Responsibility and compliance), 8 (Fairness), 11 (Proportionality), 12 (Integrity of personal information), and 13 (Security safeguards).
​
​