With Data Privacy Day occurring internationally on 28 January, 2024, it seems a good time to issue our Data Privacy Bulletin for 2024.

2023 was an eventful year for the Office of the Privacy Commissioner (PrivCom), and a clear indicator to the Bermuda market that the era of privacy and data protection regulation is on the rise, and here to stay. Continuing to demonstrate its supervisory readiness, PrivCom continued its growth with the appointment of Ms. Angie Farquharson as the new Deputy Privacy Commissioner in June. Concurrently, the legislature passed the Personal Information Protection Amendment Act 2023 in the House of Assembly, intended to harmonise and resolve overlapping provisions and incorporate conforming changes to the Personal Information Protection Act 2016 (PIPA) and the Public Access to Information Act 2010 (PATI).

Of course the marquee event in 2023 was the announcement of the long awaited commencement date for the full implementation of PIPA. In June the Bermuda Government announced that PIPA will come into full force on 1 January 2025. Also much anticipated, in September PrivCom published "The Guide to PIPA", a useful digital resource for privacy officers and individuals entrusted with day-to-day responsibility for privacy and data protection. In October Bermuda took centre stage and hosted the 45th Global Privacy Assembly which welcomed more than 130 data protection and privacy authorities and privacy professionals from around the world.

As the impacts of artificial intelligence, cyberattacks, and privacy rights are increasingly front of mind in boardrooms, and coupled with the confirmed commencement date for PIPA, there has been a surge in client demand for personal information and data protection advice. With the clock now officially ticking for organisations that use personal information in Bermuda to ensure PIPA compliance, whether by formulating privacy policies and notices, reviewing privacy audits and level of protection assessments or understanding individuals' rights and the requirements of a privacy officer, Conyers Regulatory anticipates an even busier 2024.

Whether your organisation is just starting its PIPA compliance journey or needs a refresher on how PIPA will impact your organisation, we recommend Conyers' four-part "Understanding PIPA" series exploring different topics relating to PIPA, which are set out below:

Why Do We Need Privacy Legislation?

In recent years, privacy and data protection are hot topics. It's not difficult to see why: as technology has evolved, so has the way that organisations store, use and process our data and personal information. Read more

Defining Its Scope and Starting to Prepare

Before being able to establish any privacy program, an organisation needs to first understand whether PIPA applies to it and what personal information it is holding or has control over. Essentially they need to conduct an "information inventory". Read more

The Role and Requirements of Privacy Officers

Getting ready for the Personal Information and Protection Act 2016 (PIPA) may seem daunting, and with 1 January 2025 now set as the commencement date for PIPA's obligations to come into force, many organisations are wisely already underway with their preparations. Read more

Defining Our Individual Rights

Data protection, privacy and individuals' rights relating to their personal information are quite the hot topic in these days of Big Data and growing consumer privacy concerns, but what exactly are those rights? An individual's rights will vary depending on where their personal information is being collected, stored or used. Read more

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.