top of page
Search

Office of the Privacy Commissioner for Bermuda (PrivCom) is releasing statistics for Q4/2025

  • Writer: privcombermuda
    privcombermuda
  • 1 day ago
  • 2 min read

The Personal Information Protection Act 2016 (PIPA) came into full effect on 1 January 2025.

Please note this report is limited to reported personal information breaches, written requests, and general queries received by the PrivCom Investigations Unit during Q4 (1 October  – 31 December 2025) and that some statistics may be subject to change with updated information.


Q4 Statistics Summary


 

Personal Information Breaches

 

  • There were a total of five (5) reported personal information breaches during Q4.

  • Of the five (5) reported personal information breaches, three (3) were closed by PrivCom during Q4, while 2 are currently active and remain open.*

  • Of the five (5) reported personal information breaches:

o   One (1) was related to accidental disclosure of personal information.

o   Two (2) were related to internal (employee) unauthorized access to personal

information.

o   Two (2) were related to external (3rd party) unauthorized access to personal

information.

 

*One (1) personal information breach was re-opened in Q4 based on new information received by our office. This specific breach remains open in Q1/26.

 

 

Written Requests


  • There were a total of ten (10) written requests received by PrivCom during Q4.

  • Of the ten (10) total written requests received, 5 (five) were written requests asking for a review and 5 (five) were written requests initiating a Complaint under PIPA. 

  • Of the 5 (five) Reviews received:

o   Two (2) were resolved informally through early resolution.

o   Three (3) are currently active and remain open

  • Of the 5 (five) Complaints received:

o   All 5 (five) are currently active and remain open.

 

General Queries


  • There were a total of thirteen (13) general queries received during Q4.


  • Of the general queries received during Q4, all thirteen (13) were closed by PrivCom

informally during Q4 by providing recommendations or guidance to relevant resources.


  • Some of the common general queries received in Q4 included:

o   Questions relating to the reasonableness of organisations charging a fee

o   Concerns about PIPA in relation to how a business operates and offers their services

o   Concerns about unauthorized access to and disclosure of personal and sensitive

information within the workplace

 

Q4 Key Takeaway


Personal Information Breaches (Employee Conduct)


PrivCom received two (2) breach notifications from Organisations relating to unauthorised access to personal information by their internal employees during Q4. It is important for employees to be aware of not just the potential employment-related consequences associated with accessing personal information without authority, but also the employer’s compliance standing under PIPA. Any breach trends identifying non-compliance may lead to formal action by PrivCom. PrivCom recommends that organisations continue to periodically train staff on all privacy principles and obligations under PIPA to limit the occurrence of internal breaches.

 
 
bottom of page