Week 1: Feb 5, 2024
-
Activity: CEO Endorsement Letter Available
​
​
-
Resource: Blog Post: What is a privacy programme?
​
​
​
Week 2: Feb 12, 2024
-
Activity: Designate a Privacy Officer (PO), Monitor privacy compliance, foster a culture of privacy.
​
​
-
Resource: Blog Post: What is a Privacy Officer?
​
​
Week 3: Feb 19, 2024
-
Activity: Conduct all staff training on Privacy basics.
​
-
Tool: Privacy & PIPA
​
​
-
Event: Coming in March 2024! PIPA Unveiled
Week 4: Feb 26, 2024
-
Activity: Create a list of business units.
​
-
Tool: Setting up a Privacy Committee form
​
-
Resource: How Investing in a Privacy Program Pays Off
​
-
Event: Global Connections
​
​
Week 5: Mar 4, 2024
-
Activity: Set up interviews with each member of your Privacy Committee.
-
Tool: Interview Guide
-
Resource: Mid-Atlantic Privacy: Responsibility, Collaboration, and Creativity + Bermuda's Pink Sandbox
-
Event: PIPA Unveiled Fireside Chat
Week 6: Mar 11, 2024
-
Activity: Determine how PIPA affects each area of your business.
-
Resource: PIPA/GDPR Crosswalk
-
Event: Bermuda Risk Summit
Week 7: Mar 18, 2024
-
Activity: Begin Data Mapping
-
Tool: Mid Atlantic Privacy: Interoperability, or Why Bermuda is not an island.
Week 8: Apr 1, 2024
-
Activity: Each member of the privacy committee takes 15 min to identify the information life cycle & "flow" for their unit.
-
Tool: PrivCom Q2 Checklist
-
Resource: Responsibility & Compliance
Week 9: Apr 8, 2024
Activity: Identify the purposes for which you use Personal Information?
Tool: PrivCom Checklist
Resource: Purpose Limitation
Event: Commissioner White visits IAPP Global Summit 2024
​
​
Week 10: Apr 15, 2024
Activity: Review the meaning of 'Sensitive Personal Information'.
Tool: Data Map - What Personal Information Do You Hold?
Resource: Sensitive Personal Information.
Event: Deputy Commissioner: Angie Farquharson
​
Week 11: Apr 22, 2024
Activity: Review appropriate conditions for using personal information
Tool: Conditions for using personal information: Scenarios
Resource: Conditions For Using Personal Information
Event: Questions for Commissioner White submissions - closed
Week 12: Apr 29, 2024
-
Activity: Finalise, collect & store inventory & mapping records in a secure place.
-
Tool: Review Q2 Checklist
-
Resource: Revisit inventory resources Weeks 7-11
Week 13: May 6, 2024
Activity: Raise awareness by discussing the risks & harms of misuse of personal information at a general staff meeting
​
Tool: Privacy Risk Threshold
Resource: What's the harm if personal information is misused?
Event: Privacy Pro Information Session
​
​
​
​
Week 14: May 13, 2024
Activity: Ask members of the Privacy Committee to identify potential risk of unauthorised use or access to personal information
​
Tool: Privacy Impact Questionnaire
Resource: How The Privacy Pro does PIAs
​
Event: 'Road to PIPA' Survey
​
​
​
​
Week 15: May 20, 2024
Activity: Identify controls to mitigate risk and ensure the business purpose can still be accomplished.
​
Tool: Security Safeguards
Resource: The 8 themes of IASME Cyber Baseline
Event: PIPA Compliance facilitated by Duncan Card of Appleby Global
​
​
​
Week 16: June 3, 2024
Activity: Work with Privacy Committee to set a realistic timeline for implementing controls needed to mitigate risk
​
Tool: Privacy Impact Assessment findings and Mitigation Plan
Resource: Mid-Atlantic Privacy: Our Community Needs a Data Protection Social Contract
Event: Privacy Impact Assessments: Dr Marissa Stones
​
Week 17: June 17, 2024
Activity: Identify common scenarios where security might be breached & use the PIA to assess how this might affect both the individuals and the business
​
Tool: What happens if there is a breach?
Resource: Revisit Risk Assessment resources - Weeks 13 - 16
Event: Policy Writing & Record Keeping for PIPA - hosted by Data Protection People.
​
​
​
​
​
Week 18: June 24, 2024
Activity: Work with Privacy Committee members to create procedures for their units/processes using information from the data life cycle
​
Tool: HR Privacy Policy & Procedure Checklist
​
Resource: Maintaining privacy in email communication
​
​
​
​
​
Week 19: July 1, 2024
Activity: Document internal procedures for staff
​
Tool: Internal Privacy Procedures Template
Resource: Q3 Checklist
Event: Policies and Procedures with Nancy Volesky (youtube.com)
​
​
​
​
​
​
​
​
Week 20: July 8, 2024
Activity: Create a retention & destruction schedule:
-
How long does each unit need to retain PI?
-
Are there legal requirements besides PIPA
​
Tool: Data Retention & Destruction Schedule Template
​
Resource: PIPA, Bermuda’s privacy law
Event: KPMG Webinar 2: Deep Dive: PIPA vs GDPR – 15 July
​
​
​
​​
Week 21: July 15, 2024
Activity: Hold a Staff Training Event
​
Tool: Revisit Policies & Procedures Tools Wks: 18-20
Resource: GPEN Press Release
Event: Navigating PIPA Compliance: Royal Hamilton Amateur Dinghy Club
​
​
​
​
​
Week 22: Aug 12, 2024
Activity: Develop role-based training for individual staff that use personal information in the workplace. Make sure that training is:
* Targeted
* Practical
* Actionable
​
Tool: Training vs Awareness
​
Resource: Guidance: Privacy in the Workplace
​
Event: Lightning Talk - Duncan Card: Partner - Appleby (Bermuda) Ltd
​
​​​
Week 23: Aug 19, 2024
Activity: Conduct Role-Based Training. Remember, it needs to be:
*Targeted
*Practical
*Actionable
​
Tool: Employee Scenario
Resource: Protecting Personal Information in the Medical Field
Event: Road to PIPA: Weeks 1-21 Overview
​
​​​​​​
​
​
Week 24: Sept 2, 2024
Activity: Staff may be able to describe aspects of their work that the Privacy Committee are unaware of. Adapt procedures as needed!
​
Tool: Staff training feedback questionnaire
​
Resource:
Event: KPMG Webinar 3: Deep Dive: Data Mapping & RoPA :Road to PIPA webinar 3: Deep Dive: Data Mapping & RoPA​​​​​