The Office of the Privacy Commissioner of Bermuda

​

            In a seashell​

​

     Under PIPA, “organisation” refers to “any individual, entity or public authority that uses personal information”, and “overseas third party” means an organisation not domiciled in Bermuda.

​

     Understanding your role and obligation as an organisation in relation to the personal information you are using is crucial in ensuring that you are PIPA-compliant and the fair treatment of individuals.

​

     Where an organisation engages (by contract or otherwise) the services of a third party in connection with the use of personal information, the organisation remains responsible for ensuring compliance with PIPA at all times.

​

     The Office of the Privacy Commissioner for Bermuda (PrivCom) has the power to take action against organisations under PIPA.

​

     Individuals can bring claims for compensation and damages against organisations for financial loss and emotional distress.

​

     Organisations should take the time to assess and document the status in respect of all the personal information and processing activities that the organisation carries out.