The Office of the Privacy Commissioner of Bermuda

​

 In a seashell...​

​

Under PIPA, “organisation” refers to “any individual, entity or public authority that uses personal information”, and “overseas third party” means an organisation not domiciled in Bermuda.

​

Understanding your role and obligation as an organisation in relation to the personal information you are using is crucial in ensuring that you are PIPA-compliant and the fair treatment of individuals.

​

Where an organisation engages (by contract or otherwise) the services of a third party in connection with the use of personal information, the organisation remains responsible for ensuring compliance with PIPA at all times.

​

The Office of the Privacy Commissioner for Bermuda (PrivCom) has the power to take action against organisations under PIPA.

​

Individuals can bring claims against an organisation and may be entitled to compensation awarded by a court for financial loss and emotional distress.

​

Organisations should take the time to assess and document the status in respect of all the personal information and processing activities that the organisation carries out.