top of page
Bermuda flag waving.jpg

Week 1: Feb 5, 2024

  • Activity: CEO Endorsement Letter Available

​

​

​

​

​

Week 2: Feb 12, 2024

  • Activity: Designate a Privacy Officer (PO), Monitor privacy compliance, foster a culture of privacy.

​

​

​

​

amerika_bermuda_pink_sands_horseshoe_beach_shutterstock_104381525.jpg

Week 3: Feb 19, 2024

  • Activity: Conduct all staff training on Privacy basics.

​

​

​

  • Event: Coming in March 2024! PIPA Unveiled

46768332064_e911e930f5_b.jpg

Week 4: Feb 26, 2024

  • Activity: Create a list of business units.

​

​

  • Resource: How Investing in a Privacy Program Pays Off

​

​

​

Week 1 - 4
Bermuda_Bermuda Botanical Gardens_edited.jpg

Week 5: Mar 4, 2024

Barrs Bay.jpg

Week 6: Mar 11, 2024

EAfn3MwWkAYPIGJ.jpg

Week 8: Apr 1, 2024

Week 5 - 8
Easter Kites.jpg

Week 9: Apr 8, 2024

Activity: Identify the purposes for which you use Personal Information?
 

Tool: PrivCom Checklist
 

Resource: Purpose Limitation
 

Event: Commissioner White visits IAPP Global Summit 2024

​

​

Lilium_longiflorum_(Easter_Lily).JPG

Week 10: Apr 15, 2024

Activity: Review the meaning of 'Sensitive Personal Information'.
 

Tool: Data Map - What Personal Information Do You Hold?
 

Resource: Sensitive Personal Information.
 

Event: Deputy Commissioner: Angie Farquharson

​

unfinished-church-st-george-bermuda.jpg

Week 11: Apr 22, 2024

Activity: Review appropriate conditions for using personal information
 

Tool: Conditions for using personal information: Scenarios
 

Resource: Conditions For Using Personal Information
 

Event: Questions for Commissioner White submissions - closed

EmIrEpeWoAABXxg.jpg

Week 12: Apr 29, 2024

Week 9 - 12
Bermuda.jpg

Week 13: May 6, 2024

Activity: Raise awareness by discussing the risks & harms of misuse of personal information at a general staff meeting

​

Tool: Privacy Risk Threshold
 

Resource: What's the harm if personal information is misused?
 

Event: Privacy Pro Information Session

​

​

​

​

Week 14: May 13, 2024

Activity: Ask members of the Privacy Committee to identify potential risk of unauthorised use or access to personal information

​

Tool: Privacy Impact Questionnaire
 

Resource: How The Privacy Pro does PIAs

​

Event: 'Road to PIPA' Survey

​

​

​

​

Jet-Blue-Bermua-1024x683.jpg

Week 15: May 20, 2024

Activity: Identify controls to mitigate risk and ensure the business purpose can still be accomplished.

​

Tool: Security Safeguards
 

Resource: The 8 themes of IASME Cyber Baseline
 

Event: PIPA Compliance facilitated by Duncan Card of Appleby Global

​

​

​

SPC-Aug-22-2048x1208.jpg

Week 16: June 3, 2024

Activity: Work with Privacy Committee to set a realistic timeline for implementing controls needed to mitigate risk

​

Tool: Privacy Impact Assessment findings and Mitigation Plan
 

Resource: Mid-Atlantic Privacy: Our Community Needs a Data Protection Social Contract
 

Event: Privacy Impact Assessments: Dr Marissa Stones

​

Week 13-16
IMG-20220618-WA0008.jpg

Week 17: June 17, 2024

Activity: Identify common scenarios where security might be breached & use the PIA to assess how this might affect both the individuals and the business

​

Tool: What happens if there is a breach?
 

Resource: Revisit Risk Assessment resources - Weeks 13 - 16
 

Event: Policy Writing & Record Keeping for PIPA - hosted by Data Protection People.

​

​

​

​

​

1687803486005.png

Week 18: June 24, 2024

Activity: Work with Privacy Committee members to create procedures for their units/processes using information from the data life cycle

​

Tool: HR Privacy Policy & Procedure Checklist

​

Resource: Maintaining privacy in email communication

​

Event: KPMG Webinar 1: Implementing Privacy Programs – Common Pitfalls and Pain Points, 28 June 10.30-11.15am AST

​

​

​

​

blue-marlin-bermuda-fishing-leaping-water-1024x768.jpg

Week 19: July 1, 2024

Activity: Document internal procedures for staff

​

Tool: Internal Privacy Procedures Template
 

Resource: Q3 Checklist
 

Event: Policies and Procedures with Nancy Volesky (youtube.com)

​

​

​

​

​

​

​

​

Bermuda-Pink-Sand-Beach.jpg

Week 20: July 8, 2024

Activity: Create a retention & destruction schedule:

  • How long does each unit need to retain PI?

  • Are there legal requirements besides PIPA

​

Tool: Data Retention & Destruction Schedule Template 

​

Resource: PIPA, Bermuda’s privacy law

 

Event: KPMG Webinar 2: Deep Dive: PIPA vs GDPR – 15 July

​

​

​

​​

Week 17-20
CupMatchCover1.jpg

Week 21: July 15, 2024

Activity: Hold a Staff Training Event

​

Tool: Revisit Policies & Procedures Tools Wks: 18-20
 

Resource: GPEN Press Release
 

Event: Navigating PIPA Compliance: Royal Hamilton Amateur Dinghy Club

​

​

​

​

​

download.jpeg

Week 22: Aug 12, 2024

Activity: Develop role-based training for individual staff that use personal information in the workplace. Make sure that training is: 

* Targeted

* Practical

* Actionable

​

Tool: Training vs Awareness

​

Resource: Guidance: Privacy in the Workplace

​

Event: Lightning Talk - Duncan Card: Partner - Appleby (Bermuda) Ltd

​

​​​

_SEL0017-min.jpg

Week 23: Aug 19, 2024

Activity: Conduct Role-Based Training. Remember, it needs to be:

*Targeted

*Practical

*Actionable

​

Tool: Employee Scenario
 

Resource: Protecting Personal Information in the Medical Field
 

Event: Road to PIPA: Weeks 1-21 Overview

​

​​​​​​

​

​

Bermuda-for-Kids-1-1024x764.jpg.webp

Week 24: Sept 2, 2024

Activity: Staff may be able to describe aspects of their work that the Privacy Committee are unaware of. Adapt procedures as needed!

​

Tool: Staff training feedback questionnaire

​

Resource: 

 

Event: KPMG Webinar 3: Deep Dive: Data Mapping & RoPA :Road to PIPA webinar 3: Deep Dive: Data Mapping & RoPA​​​​​

Week 21-24
9729_EDU_MINISTER_PURVIS_PRIMARY_PREFECT_PINNING_CEREMONY__R1_0784.webp

Week 25: Sept 9, 2024

Activity:

  • Work with legal counsel to review service provider and outsourcing contracts.

  • Assemble a list of your various agreements

​

Tool: Contract Inventory List
 

Resource: Guidance on vendors, third parties, and overseas data transfers
 

Event: Press Release / Blog Post re PrivCom's CBPR Membership and Conference​​​​​

dsc03606_11zon.jpg

Week 26: Sept 16, 2024

Activity: Use a checklist to identify certain elements of third-party contracts.

​

Tool: Elements of third-party contracts

​

Resource: Duncan Card RG Article on Outsourced Services

​

Event: None

​

​​​

head-cyrstal-caves-bermuda.jpg

Week 27: Sept 23, 2024

Activity: Identify the countries where information is being transferred or stored and whether the contractual provisions create a reasonable belief that the protection overseas is comparable to PIPA requirements.​

​

Tool: Point of Transfer

​

Resource: Transfer of personal information to an overseas third party  

 

Event: ​Fireside Chat + Q&A’ with Commissioner White and Deputy Commissioner Farquharson, CPA

CPA Bermuda AGM.

​​​​​​

​

​

download.jpeg

Week 28: Sept 30, 2024

Activity: Create a timetable for when contracts will renew and ensure any renewals are updated with privacy compliance.

​

Tool: Section 15 Checklist for Organisations.

​

Resource: Transfer of personal information to overseas third-parties and comparable jurisdictions.

 

Event: International Data transfers - insights from part 1 I Data Protection People​​​​​

Week 25 - 28
DALL·E-2024-05-16-20.29.43-An-image-representing-the-Healthy-Steps-radio-show-episode-on-W

Week 29: Oct 7, 2024

Activity: Meet with senior management to outline an incident response plan and set a timeline for completing the final plan.

​

Tool: Q4 Checklist

​

Resource: PrivCom seeks feedback on draft consultation report for financial services

​

Event: Financial Services Consultation: Submit your Feedback by October 18

photo_3355492.jpg

Week 30: Oct 14, 2024

Activity: Working with the communications team, draft generic template letters that can be used to notify PrivCom and individuals of a data breach.​

​

Tool: Template Letter

​

Resource: Review Section 14 - Breach of Security

​

Event: Commissioner White discussion with Steph Brown.

Admiralty-House-Park-Bermuda-001.jpg

Week 31: Oct 21, 2024

Activity: Share the plan with staff and advise them what to do in case there is a breach.

​

Tool: Incident response template letter

​

Resource: Incident Management - ncsc.gov.uk

​

Event: KPMG/Bermuda Health Council Webinar Road to PIPA: Healthcare Deep Dive - 24 October, 9 - 10am

halloween.jpg

Week 32: Oct 28, 2024

Activity: Break up the elements of the Incident Response Plan into phases. Schedule time for further review and completion.

​

Tool: Questions regarding Incident Response.

​

Resource: 46th Global Privacy Assembly Press Release

​

Event: 46th Global Privacy Assembly: The Power of I

Week 29 - 32
Remembrance-Day-2010-winter-KS.jpg

Week 33: Nov 4, 2024

Activity: Meet with senior management to outline an incident response plan and set a timeline for completing the final plan.

​

Tool: PIPA Rights Request Workflow

​

Resource: Summary: Links to tools created during Incident Response

​

Event: PIPA & You - An Individual's Guide: Nov. 14 - 5:30 to 7:15pm - St. Pauls Church

Week 34: Nov 18, 2024

Activity: Review Guide to PIPA sections on access, correction, blocking, and medical records if applicable​

​

Tool: PIPA Rights Request Response Checklist

​

Resource: PrivCom joins a common global approach to privacy age assurance

​

Event: PIPA & You

thanksgivingplate.jpg

Week 35: Nov 25, 2024

Activity:

​

Tool:

​

Resource:

​

Event: 

ChristmasMarket.jpg

Week 36: Dec 2, 2024

Activity:

​

Tool:

​

Resource:

​

Event:

Weeks 33 - 36
bottom of page