top of page


            In a seashell

PIPA sets out 12 key principles and rules: 


These principles and rules should lie at the heart of your approach to using personal information.


They are based on the internationally recognized Fair Information practices (FIPs) and incorporated into international privacy principles such as the GDPR or the OECD Privacy Principles.


All organisations, even organisations with partial PIPA exemption, will be subject to the minimum requirements.

          Organisations ask

What are the principles and rules?

Part 2, sections 5-16 of PIPA, sets out the aforementioned 12 key principles and rules that lie at the core of Bermuda’s data privacy law.


Why are they important?

The principles and rules are set out right at the start of the legislation, and inform everything that follows.


The principles don’t give hard and fast rules; rather, they embody the spirit of the general data privacy regime. There are very limited exceptions to these rules and principles.


Compliance with these key principles and the detailed provisions that PIPA sets is therefore a fundamental building block for good data privacy practice.


Failure to comply with the principles may leave you open to investigation, enforcement, and/or prosecution for an offence. 

Minimum requirements: what are they?

The term “minimum requirements” means the requirements of PIPA’s Part 2, sections 5 (Responsibility and compliance), 8 (Fairness), 11 (Proportionality), 12 (Integrity of personal information), and 13 (Security safeguards).


Minimum requirements apply to all organisations, even those whose use of personal information may qualify for exemptions.

bottom of page