The Office of the Privacy Commissioner is delighted to announce the results of our work on a privacy awareness and readiness survey with KPMG in Bermuda.
This survey gauged community awareness and readiness for the Personal Information Protection Act (PIPA). Respondents came from both international and local businesses and ranged across industries including insurance, financial services, banking and others.
KPMG's statement described the background on this survey: “KPMG understands that technology is constantly developing, products are changing, and this has resulted in organisations collecting more and more data. The Covid-19 pandemic only accelerated these changes and dependency on technology increased. With the changing landscape, this bought on new challenges. These challenges can range from implementation and costs of a privacy program, to areas of the Bermuda Personal Information Protection Act that the market expects to be most difficult to address. Conducting this survey has helped us see how Bermuda is preparing for the Privacy changes."
The results indicated that PrivCom should maintain our focus on awareness and educational efforts to help Bermudians understand PIPA and what it means for organisations. Of note, all respondents stated that they saw privacy laws as a good thing.
"100% of respondents believe privacy regulation is good for Bermuda as a community"
Privacy Commissioner Alexander White stated, “This privacy readiness survey provides welcome insight into our community’s perceptions of the importance of data privacy and how to make it a reality. Our office’s annual goals already focused on the need for training and awareness events and further guidance for setting up a privacy programme, and we will evaluate these aggregate results to ensure we take on board the community’s thoughts and opinions. We offer our thanks to the KPMG team, particularly Katy Gloth who spearheaded the effort.”
Ian Gardner, KPMG Director stated, “Increasing remote working and technology disruption, features of the last year, have increased the sharing of personal information and complexity of models in which such data is shared domestically and internationally. Coupled with the regulatory focus on the protection and privacy of personal data, [this trend] makes our survey valuable for insights on the impact, awareness, and readiness for the Act.”
To read the report of the privacy survey results, visit KPMG's website or download the high-level report.
To reach out to the Office of the Privacy Commissioner, please visit our Contact Us page.
Press Background:
Rights and responsibilities relating to data privacy are set out in the Personal Information Protection Act 2016 (PIPA). Bermuda's PIPA received Royal Assent on 27 July 2016. Sections relating to the appointment of the Privacy Commissioner were enacted on 2 December 2016, including the creation of the Office as well as those duties and powers relevant to its operation in the period leading up to the implementation of the whole Act. The Commissioner works to facilitate the advancement of consequential amendments to other Acts in order to harmonise them with PIPA.
The Office of the Privacy Commissioner for Bermuda (PrivCom) is an independent supervisory authority established in accordance with the Personal Information Protection Act 2016 (PIPA).
The mandate of the Privacy Commissioner is to regulate the use of personal information by organisations in a manner which recognizes both the need to protect the rights of individuals in relation to their personal information and the need for organisations to use personal information for legitimate purposes, among other duties.
The Privacy Commissioner's powers and responsibilities include monitoring the processing of personal information by both private- and public-sector organisations, investigating compliance with PIPA, issue guidance and recommendations, liaise with other enforcement agencies, and advise on policies and legislation that affect privacy. PrivCom also works to raise awareness and educate the public about privacy risks, and to protect people’s rights and freedoms when their personal data is used. The general powers of the Privacy Commissioner are outlined in Article 29 of PIPA.
Alexander White (Privacy Commissioner) was appointed by Excellency the Governor, after consultation with the Premier and Opposition Leader, to take office on 20 January 2020.
Privacy is the right of an individual to be left alone and in control of information about oneself. In addition to the protections in PIPA, the right to privacy or private life is enshrined in the United Nations' Universal Declaration of Human Rights (Article 12) and the European Convention of Human Rights (Article 8).
"Personal information" or data is a defined term in PIPA that means any information about an identified or identifiable individual. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. "Sensitive personal information" is a defined term in PIPA that includes information relating to such aspects as place of origin, race, colour, sex, sexual life, health, disabilities, religious beliefs, and biometric and genetic information. (Note: This is not a complete list.)
"Use" of personal information is a defined term in PIPA that means "carrying out any operation on personal information, including collecting, obtaining, recording, holding, storing, organising, adapting, altering, retrieving, transferring, consulting, disclosing, disseminating or otherwise making available, combining, blocking, erasing or destroying it."