• PrivCom Bermuda

Mark Your Calendars for Data Privacy Day 2021!

Data Privacy . . . Week? That's right, there will be events all week in advance of Data Privacy Day, 28 January 2021! Check back here for the latest details on planned events and other announcements.

Monday, January 25th: The TLC Group will be hosting events throughout the week. Commissioner White will join them at 6pm for "The Privacy Conversation" about how to incorporate a privacy program into your business. You can register for any of the events during the week by following this link to TLC's site.


Update: Video of panel available on YouTube, and embedded below:







Tuesday, January 26th: Throughout the day, Commissioner White will join TLC for school presentations, talking to children about how to understand data privacy issues.


Over lunch, Walkers and TLC will co-host an event focusing on the healthcare industry and issues specific to that business sector. For more information on how to join Melanie Fullerton, Promila Gonsalves, and Commissioner White, see this flier about the event.


Wednesday, January 27th: The 14th annual Computer, Privacy, & Data Protection (CPDP) Conference starts today, and like many events in recent months it will be held completely virtually. The full agenda is available at their website.


Our office will provide a limited number of scholarships for students to attend the conference and learn more about privacy issues. If you're a Bermudian or Bermudian resident student, contact us at PrivCom@privacy.bm to express interest in the conference.


Thursday, January 28th: It's officially Data Privacy Day! Our office will host a live Q&A session with Commissioner White from 12:30-1:30pm on Twitter using our account @PrivComBermuda. You can ask questions in advance using the hashtag #DPDBDA2021 or by emailing us at PrivCom@privacy.bm. Use the hashtag to follow along - and join in with your own comments!


After work hours, join the local chapter of the International Association of Privacy Professionals (IAPP) for a virtual happy hour event from 5-6pm AST. For more details and to register, follow this link.


Friday, January 29th: Privacy is a booming industry - and we are hiring! Friday, January 29th, is the last day to apply for our posted position of Assistant Commissioner, Operations. For more about this position and working with our office, see our new Careers page.

Happy Data Privacy Day 2021!

To reach out to the Office of the Privacy Commissioner, please visit our Contact Us page.


Press Background:

  • Rights and responsibilities relating to data privacy are set out in the Personal Information Protection Act 2016 (PIPA). Bermuda's PIPA received Royal Assent on 27 July 2016. Sections relating to the appointment of the Privacy Commissioner were enacted on 2 December 2016, including the creation of the Office as well as those duties and powers relevant to its operation in the period leading up to the implementation of the whole Act. The Commissioner works to facilitate the advancement of consequential amendments to other Acts in order to harmonise them with PIPA.

  • The Office of the Privacy Commissioner for Bermuda (PrivCom) is an independent supervisory authority established in accordance with the Personal Information Protection Act 2016 (PIPA).

  • The mandate of the Privacy Commissioner is to regulate the use of personal information by organisations in a manner which recognizes both the need to protect the rights of individuals in relation to their personal information and the need for organisations to use personal information for legitimate purposes, among other duties.

  • The Privacy Commissioner's powers and responsibilities include monitoring the processing of personal information by both private- and public-sector organisations, investigating compliance with PIPA, issue guidance and recommendations, liaise with other enforcement agencies, and advise on policies and legislation that affect privacy. PrivCom's mission is also to raise awareness and educate the public about privacy risks and to protect people’s rights and freedoms when their personal data is used. The general powers of the Privacy Commissioner are outlined in Article 29 of PIPA.

  • Alexander White (Privacy Commissioner) was appointed by H. E. the Governor, after consultation with the Premier and Opposition Leader, to take office on 20 January 2020.

  • Privacy is the right of an individual to be left alone and in control of information about oneself. In addition to the protections in PIPA, the right to privacy or private life is enshrined in the United Nations' Universal Declaration of Human Rights (Article 12) and the European Convention of Human Rights (Article 8).

  • "Personal information" or data is a defined term in PIPA that means any information about an an identified or identifiable individual. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. "Sensitive personal information" is a defined term in PIPA that includes information relating to such aspects as place of origin, race, colour, sex, sexual life, health, disabilities, religious beliefs, and biometric and genetic information. (Note: This is not a complete list.)

  • "Use" of personal information is a defined term in PIPA that means "carrying out any operation on personal information, including collecting, obtaining, recording, holding, storing, organising, adapting, altering, retrieving, transferring, consulting, disclosing, disseminating or otherwise making available, combining, blocking, erasing or destroying it."

  • "Security" is addressed in section 13 of PIPA: "An organisation shall protect personal information that it holds with appropriate safeguards against risk, including loss; unauthorised access, destruction, use, modification or disclosure; or any other misuse. Such safeguards shall be proportional to the likelihood and severity of the harm ... the sensitivity of the personal information ... and the context in which it is held." Section 14 addresses breaches of security and reporting to PrivCom.

  • About Data Privacy Day: Celebrated worldwide on January 28th each year, Data Privacy Day (also called “Data Protection Day” in some places) marks the anniversary of a milestone treaty that enshrined privacy as a fundamental human right. In 1981, various countries in Europe came together and committed to respect their citizens’ privacy, in the treaty commonly known as the Council of Europe’s Convention 108. Since then, the European signatories have been joined by African and South American countries that also ratified the treaty. While more and more countries have domestic laws that protect privacy (like Bermuda’ Personal Information Protection Act), Convention 108 remains the only treaty that legally binds countries under the terms of international law. You can find more information and privacy resources at: https://staysafeonline.org/data-privacy-day/.