In March 2024, The Office of the Privacy Commissioner (PrivCom) sent out a call for input from the financial services community regarding areas of concern or gaps that may need to be addressed regarding how new privacy laws interact with financial regulations. The goal was to develop guidance on best practices through a collaborative, multi-stakeholder process, and with the thinking that the best way to protect individuals’ privacy rights is by ensuring the practices make business sense, too.
Members of the financial services community were invited to provide written input and to participate in a meeting on 25th March to discuss and explore the intersection of the Personal Information Protection Act 2016 (“PIPA”) and financial obligations under the relevant anti-money laundering and financial crime legislation, such as from the Bermuda Monetary Authority. The aim was to identify any areas of potential inconsistency or gaps which may need to be addressed to ensure that both legislative and regulatory regimes complement each other, enabling businesses to operate efficiently, effectively, and with regulatory certainty.
The financial services industry is an important sector in Bermuda, and the largest contributor to the Bermuda's economy. With Bermuda’s PIPA due to come into effect on 1st January 2025, Bermuda will join a host of other countries with privacy legislation. In the countdown to 2025, one of PrivCom’s goals is to review how the PIPA interacts with existing legislation, regulation, and regulators to ensure a joined-up approach to data regulation and help to avoid overlapping or divergent approaches or duplicate enforcement.
After reflecting on the contributions requested of each of the sectors subject to anti-financial crime obligations who provided their comments and attended the meeting, PrivCom reviewed areas which may require clarification or guidance on the intersection of the PIPA and other requirements. The project was led by Vivienne Artz OBE, Senior Data Strategy & Privacy Policy Advisor to the Centre for Information Policy Leadership and specialist in the privacy and anti-financial crime issues, with significant internal contributions from PrivCom’s Kendra Mello.
The public, and particularly members of the financial services industry, are invited to respond to a draft report. PrivCom will review responses for further updates with a view to identifying any further areas of concern, finalising the report, and creating an action plan.
The report may be found here.
Responses are requested to “privcom@privacy.bm” on or before Friday, 25 October 2024.
Commissioner White: "I would like to thank the members of the public who took the time to participate in this process. Their insights were invaluable in helping my office position itself to meet PIPA's privacy goals, while also ensuring that, as we like to say, 'Privacy Means Business'.”
Comments