Organisations and Overseas Third Parties
​
In a seashell...​
​
Under PIPA, “organisation” refers to “any individual, entity or public authority that uses personal information”, and “overseas third party” means an organisation not domiciled in Bermuda.
​
Understanding your role and obligation as an organisation in relation to the personal information you are using is crucial in ensuring that you are PIPA-compliant and the fair treatment of individuals.
​
Where an organisation engages (by contract or otherwise) the services of a third party in connection with the use of personal information, the organisation remains responsible for ensuring compliance with PIPA at all times.
​
The Office of the Privacy Commissioner for Bermuda (PrivCom) has the power to take action against organisations under PIPA.
​
Individuals can bring claims against an organisation and may be entitled to compensation awarded by a court for financial loss and emotional distress.
​
Organisations should take the time to assess and document the status in respect of all the personal information and processing activities that the organisation carries out.