The Office of the Privacy Commissioner of Bermuda
Personal Information Breach Notification
What is a personal information breach?
​
A personal information breach means a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information. This includes breaches that are the result of both accidental and deliberate causes.
When do we need to notify individuals about a breach?
If a personal information breach is likely to adversely affect an individual, PIPA says you must inform the Commissioner and those concerned directly and without undue delay.
When should notification occur?
Notification should occur as soon as possible (without undue delay) following a breach.
How should notification occur?
The preferred method of notification is by letter or email to the affected individuals.
​
In scenarios where this is not applicable – website information, posted notices, or social media may be acceptable, however it generally should only happen where “direct” notification could cause further harm, is prohibitive in cost, or contact information is lacking. Using multiple methods of notification in certain cases may be the most effective approach.
For more information, please visit our website: Breach of Security|PrivComBermuda