top of page

Organisations and Overseas Third Parties

            In a seashell

     Under PIPA, “organisation” refers to “any individual, entity or public authority that uses personal information”, and “overseas third party” means an organisation not domiciled in Bermuda.

     Understanding your role and obligation as an organisation in relation to the personal information you are using is crucial in ensuring that you are PIPA-compliant and the fair treatment of individuals.

     Where an organisation engages (by contract or otherwise) the services of a third party in connection with the use of personal information, the organisation remains responsible for ensuring compliance with PIPA at all times.

     The Office of the Privacy Commissioner for Bermuda (PrivCom) has the power to take action against organisations under PIPA.

     Individuals can bring claims for compensation and damages against organisations for financial loss and emotional distress.

     Organisations should take the time to assess and document the status in respect of all the personal information and processing activities that the organisation carries out.

bottom of page