Week 1: Feb 5, 2024
- Activity: CEO Endorsement Letter Available
- Resource: Blog Post: What is a privacy programme?
Week 2: Feb 12, 2024
- Activity: Designate a Privacy Officer (PO), monitor privacy compliance, foster a culture of privacy.
- Resource: Blog Post: What is a Privacy Officer?
Week 3: Feb 19, 2024
- Activity: Conduct all staff training on Privacy basics.
- Tool: Privacy & PIPA
- Event: Coming in March 2024! PIPA Unveiled
Week 4: Feb 26, 2024
- Activity: Create a list of business units.
- Tool: Setting up a Privacy Committee form
- Resource: How Investing in a Privacy Program Pays Off
- Event: Global Connections
Week 5: Mar 4, 2024
- Activity: Set up interviews with each member of your Privacy Committee.
- Tool: Interview Guide
- Resource: Mid-Atlantic Privacy: Responsibility, Collaboration, and Creativity + Bermuda's Pink Sandbox
- Event: PIPA Unveiled Fireside Chat
Week 6: Mar 11, 2024
- Activity: Determine how PIPA affects each area of your business.
- Resource: PIPA/GDPR Crosswalk
- Event: Bermuda Risk Summit
Week 7: Mar 18, 2024
- Activity: Begin Data Mapping
- Tool: Mid-Atlantic Privacy: Interoperability, or Why Bermuda is not an island.
Week 8: Apr 1, 2024
- Activity: Each member of the privacy committee takes 15 min to identify the information life cycle & "flow" for their unit.
- Tool: PrivCom Q2 Checklist
- Resource: Responsibility & Compliance
Week 9: Apr 8, 2024
Activity: Identify the purposes for which you use Personal Information.
Tool: PrivCom Checklist
Resource: Purpose Limitation
Event: Commissioner White visits IAPP Global Summit 2024
Week 10: Apr 15, 2024
Activity: Review the meaning of 'Sensitive Personal Information'.
Tool: Data Map - What Personal Information Do You Hold?
Resource: Sensitive Personal Information.
Event: Deputy Commissioner: Angie Farquharson
Week 11: Apr 22, 2024
Activity: Review appropriate conditions for using personal information
Tool: Conditions for using personal information: Scenarios
Resource: Conditions For Using Personal Information
Event: Questions for Commissioner White submissions - closed
Week 12: Apr 29, 2024
- Activity: Finalise, collect & store inventory & mapping records in a secure place.
- Tool: Review Q2 Checklist
- Resource: Revisit inventory resources Weeks 7-11
Week 13: May 6, 2024
Activity: Raise awareness by discussing the risks & harms of misuse of personal information at a general staff meeting
Tool: Privacy Risk Threshold
Resource: What's the harm if personal information is misused?
Event: Privacy Pro Information Session
Week 14: May 13, 2024
Activity: Ask members of the Privacy Committee to identify potential risk of unauthorised use or access to personal information
Tool: Privacy Impact Questionnaire
Resource: How The Privacy Pro does PIAs
Event: 'Road to PIPA' Survey
Week 15: May 20, 2024
Activity: Identify controls to mitigate risk and ensure the business purpose can still be accomplished.
Tool: Security Safeguards
Resource: The 8 themes of IASME Cyber Baseline
Event: PIPA Compliance facilitated by Duncan Card of Appleby Global
Week 16: June 3, 2024
Activity: Work with Privacy Committee to set a realistic timeline for implementing controls needed to mitigate risk
Tool: Privacy Impact Assessment findings and Mitigation Plan
Resource: Mid-Atlantic Privacy: Our Community Needs a Data Protection Social Contract
Event: Privacy Impact Assessments: Dr Marissa Stones
Week 17: June 17, 2024
Activity: Identify common scenarios where security might be breached & use the PIA to assess how this might affect both the individuals and the business
Tool: What happens if there is a breach?
Resource: Revisit Risk Assessment resources - Weeks 13 - 16
Event: Policy Writing & Record Keeping for PIPA - hosted by Data Protection People.
Week 18: June 24, 2024
Activity: Work with Privacy Committee members to create procedures for their units/processes using information from the data life cycle
Tool: HR Privacy Policy & Procedure Checklist
Resource: Maintaining privacy in email communication
Week 19: July 1, 2024
Activity: Document internal procedures for staff
Tool: Internal Privacy Procedures Template
Resource: Q3 Checklist
Event: Policies and Procedures with Nancy Volesky (youtube.com)
Week 20: July 8, 2024
Activity: Create a retention & destruction schedule:
- How long does each unit need to retain PI?
- Are there legal requirements besides PIPA?
Tool: Data Retention & Destruction Schedule Template
Resource: PIPA, Bermuda’s privacy law
Event: KPMG Webinar 2: Deep Dive: PIPA vs GDPR – 15 July
Week 21: July 15, 2024
Activity: Hold a Staff Training Event
Tool: Revisit Policies & Procedures Tools Wks: 18-20
Resource: GPEN Press Release
Event: Navigating PIPA Compliance: Royal Hamilton Amateur Dinghy Club
Week 22: Aug 12, 2024
Activity: Develop role-based training for individual staff that use personal information in the workplace. Make sure that training is:
* Targeted
* Practical
* Actionable
Tool: Training vs Awareness
Resource: Guidance: Privacy in the Workplace
Event: Lightning Talk - Duncan Card: Partner - Appleby (Bermuda) Ltd
Week 23: Aug 19, 2024
Activity: Conduct Role-Based Training. Remember, it needs to be:
* Targeted
* Practical
* Actionable
Tool: Employee Scenario
Resource: Protecting Personal Information in the Medical Field
Event: Road to PIPA: Weeks 1-21 Overview
Week 24: Sept 2, 2024
Activity: Staff may be able to describe aspects of their work that the Privacy Committee are unaware of. Adapt procedures as needed!
Tool: Staff training feedback questionnaire
Resource:
Event: KPMG Webinar 3: Deep Dive: Data Mapping & RoPA
Week 25: Sept 9, 2024
Activity:
- Work with legal counsel to review service provider and outsourcing contracts.
- Assemble a list of your various agreements
Tool: Contract Inventory List
Resource: Guidance on vendors, third parties, and overseas data transfers
Event: Press Release / Blog Post re PrivCom's CBPR Membership and Conference
Week 26: Sept 16, 2024
Activity: Use a checklist to identify certain elements of third-party contracts.
Tool: Elements of third-party contracts
Resource: Duncan Card RG Article on Outsourced Services
Event: None
Week 27: Sept 23, 2024
Activity: Identify the countries where information is being transferred or stored and whether the contractual provisions create a reasonable belief that the protection overseas is comparable to PIPA requirements.
Tool: Point of Transfer
Resource: Transfer of personal information to an overseas third party
Event: 'Fireside Chat + Q&A' with Commissioner White and Deputy Commissioner Farquharson, CPA - CPA Bermuda AGM.
Week 28: Sept 30, 2024
Activity: Create a timetable for when contracts will renew and ensure any renewals are updated with privacy compliance.
Tool: Section 15 Checklist for Organisations.
Resource: Transfer of personal information to overseas third-parties and comparable jurisdictions.
Event: International Data transfers - insights from part 1 | Data Protection People
Week 29: Oct 7, 2024
Activity: Meet with senior management to outline an incident response plan and set a timeline for completing the final plan.
Tool: Q4 Checklist
Resource: PrivCom seeks feedback on draft consultation report for financial services
Event: Financial Services Consultation: Submit your Feedback by October 18
Week 30: Oct 14, 2024
Activity: Working with the communications team, draft generic template letters that can be used to notify PrivCom and individuals of a data breach.
Tool: Template Letter
Resource: Review Section 14 - Breach of Security
Week 31: Oct 21, 2024
Activity: Share the plan with staff and advise them what to do in case there is a breach.
Tool: Incident response template letter
Resource: Incident Management - ncsc.gov.uk
Event: KPMG/Bermuda Health Council Webinar Road to PIPA: Healthcare Deep Dive - 24 October, 9 - 10am
Week 32: Oct 28, 2024
Activity: Break up the elements of the Incident Response Plan into phases. Schedule time for further review and completion.
Tool: Questions regarding Incident Response.
Resource: 46th Global Privacy Assembly Press Release
Week 33: Nov 4, 2024
Activity: Meet with senior management to outline an incident response plan and set a timeline for completing the final plan.
Tool: PIPA Rights Request Workflow
Resource: Summary: Links to tools created during Incident Response
Event: PIPA & You - An Individual's Guide: Nov. 14 - 5:30 to 7:15pm - St. Pauls Church
Week 34: Nov 18, 2024
Activity: Review Guide to PIPA sections on access, correction, blocking, and medical records if applicable
Tool: PIPA Rights Request Response Checklist
Resource: PrivCom joins a common global approach to privacy age assurance
Event: PIPA & You
Week 35: Nov 25, 2024
Activity:
Tool:
Resource:
Event:
Week 36: Dec 2, 2024
Activity:
Tool:
Resource:
Event: