What does this cover?

Economic Development Minister Grant Gibbons has announced that Bermuda is to secure privacy legislation to protect people online and offline. The draft Personal Information Protection Act (PIPA) sets out how organisations, businesses and the Government may use personal information and has drawn on legislation from a number of jurisdictions including Canada, the United States, and across Europe. It reflects a set of internationally accepted privacy principles and accepted standards of good business practices for the use of personal data. Such data must be protected in accordance with the necessary level of security for that specific type of information and security breaches that could adversely affect an individual must be reported to both an appointed Privacy Commissioner and the affected person.

The Act is intended to complement to the recent Public Access to Information Act, which provides for public access to the Government’s information, whilst simultaneously protection personal information. The supporting commentary to the draft Act it has been prepared in order that an application for EU adequacy could be made. This would allow for the free transfer of information between Bermuda and EU member states, the aim of which would be to increase opportunities for international businesses operating out of Bermuda.

The draft PIPA can be accessed here.

What action could be taken to manage risks that may arise from this development?

Companies are advised to give consideration to the draft Act, in anticipation of implementation, and to review policies and procedures in Bermuda in light of the proposed legislation.