• PrivCom Bermuda

Appearances & Events: BEDC's "Mind Your Business" & Bermuda Cybersecurity Governance Board Webinar

On August 13th and 19th, Commissioner White appears in two events coordinated by the Bermuda Economic Development Corporation (BEDC).


BEDC hosts a regular radio programme on Bermuda Broadcasting Corporation (BBC)'s Ocean 89, entitled "Mind Your Business." The commissioner speaks about what the Personal Information Protection Act (PIPA) means for small- and medium-sized businesses and start-ups.


In addition to our office's Legislation & Guidance resources, interested businesses may also take advantage of community resources such as free privacy assessments from trainees seeking work experience as well as the opportunity to collaborate directly with PrivCom on innovative technologies and business products through our Privacy Innovation and Knowledge-Sharing ("Pink") Sandbox.


On 19 August from 12:30-1:30pm, BEDC hosts a free webinar called "Privacy & Security Considerations for Businesses Post-COVID-19."


Featuring members of the Bermuda Cybersecurity Governance Board, this webinar will discuss recent trends in privacy and cybersecurity and how businesses can respond and prepare.


To register for the event, visit BEDC.bm or the GoToWebinar registration.


To reach out to the Office of the Privacy Commissioner, please visit our Contact Us page.


Press Background:

  • Rights and responsibilities relating to data privacy are set out in the Personal Information Protection Act 2016 (PIPA). Bermuda's PIPA received Royal Assent on 27 July 2016. Sections relating to the appointment of the Privacy Commissioner were enacted on 2 December 2016, including the creation of the Office as well as those duties and powers relevant to its operation in the period leading up to the implementation of the whole Act. The Commissioner works to facilitate the advancement of consequential amendments to other Acts in order to harmonise them with PIPA.

  • The Office of the Privacy Commissioner for Bermuda (PrivCom) is an independent supervisory authority established in accordance with the Personal Information Protection Act 2016 (PIPA).

  • The mandate of the Privacy Commissioner is to regulate the use of personal information by organisations in a manner which recognizes both the need to protect the rights of individuals in relation to their personal information and the need for organisations to use personal information for legitimate purposes, among other duties.

  • The Privacy Commissioner's powers and responsibilities include monitoring the processing of personal information by both private- and public-sector organisations, investigating compliance with PIPA, issue guidance and recommendations, liaise with other enforcement agencies, and advise on policies and legislation that affect privacy. PrivCom's mission is also to raise awareness and educate the public about privacy risks and to protect people’s rights and freedoms when their personal data is used. The general powers of the Privacy Commissioner are outlined in Article 29 of PIPA.

  • Alexander White (Privacy Commissioner) was appointed by His Excellency the Governor, after consultation with the Premier and Opposition Leader, to take office on 20 January 2020.

  • "Personal information" or data is a defined term in PIPA that means any information about an an identified or identifiable individual. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. "Sensitive personal information" is a defined term in PIPA that includes information relating to such aspects as place of origin, race, colour, sex, sexual life, health, disabilities, religious beliefs, and biometric and genetic information. (Note: not a complete list.)

  • Privacy is the right of an individual to be left alone and in control of information about his or herself. In addition to the protections in PIPA, the right to privacy or private life is enshrined in the United Nations' Universal Declaration of Human Rights (Article 12) and the European Convention of Human Rights (Article 8).

  • "Use" of personal information is a defined term in PIPA that means "carrying out any operation on personal information, including collecting, obtaining, recording, holding, storing, organising, adapting, altering, retrieving, transferring, consulting, disclosing, disseminating or otherwise making available, combining, blocking, erasing or destroying it."

  • Bermuda Cybersecurity Governance Board: A working group established according to the "Bermuda Cybersecurity Strategy 2018-2022" and composed of public- and private-sector stakeholders. The Board works to coordinate, plan, and implement cybersecurity initiatives across Bermuda, including providing advice and support and recommending good practices.

For information about how we use personal information, see our Privacy Notice.