Law: Personal Information Protection Act 2016 (PIPA)

Regulator: Office of the Privacy Commissioner for Bermuda (PrivCom)

Summary: On July 27, 2016, the Personal Information Protection Act 2016 (PIPA) received Royal assent and will come into full effect on January 1, 2025. PIPA regulates the collection, storage, processing, use, and dissemination of personal data and establishes data protection principles as well as security requirements for the processing of personal data.

PIPA further provides for requirements on organizations to appoint a data protection officer and to notify the Privacy Commissioner and data subjects in the event of a personal data breach. Importantly, PIPA also imposes an overarching obligation on organizations to adopt suitable measures and policies to give effect to the rights of individuals, which include the right to be informed, access, rectify, erase, and object to the processing of their personal data.