Privacy Law & Data Protection Services

Our specialized privacy law and data protection team assisted with drafting Bermuda’s Personal Information Protection Act, 2016, which is heavily based on Canadian law with some influences from Europe’s GDPR data protection regime. With Canadian trained legal counsel on our team, we have over 20 years of privacy law and regulation compliance with the privacy law regimes that PIPA is primarily based on. Having already assisted many dozens of domestic and international clients, in both the private and public sectors, to comply with PIPA when it comes into full force and effect on 1 January 2025, we can provide your organization with the following privacy law and compliance services and products:

  • Assistance with Structuring Your Privacy Compliance Program: We can provide a turn-key analysis of your enterprise’s privacy laws obligations and requirements from start to finish, as well as advise on discrete aspects of your current approach to the privacy compliance program that has already commenced.
  • Privacy Compliance Program Audit and Assessments: We can review your existing compliance policies, procedures, forms of notices and consents, operational practices, security protection practices, and proposed governance oversight regime to identify any gaps or shortfalls that may exist, and to recommend any improvements that may be required.
  • Privacy Compliance Policy & Practices Staff Education and Training: Whether as training seminars, presentations or instructional sessions, we can provide privacy compliance training for Privacy Officers, general staff, organizational managers and C-Suite executives, as well as for Board of Directors. We will tailor those instructional sessions to address the nuances of your organization that you feel are unique and important for sustainable compliance with PIPA.
  • General Counsel Consultation: We provide an ongoing service to provide highly specialized privacy law and compliance advice and guidance to all levels of in-house counsel, including to serve as a resource and compliance sounding-board as well as offering assistance with complex compliance and corporate governance issues as they may arise.
  • The Availability and Invocation of PIPA’s Grounds of Compliance Exemption: We offer private and public sector organizations with understanding and implementing the policies, procedures and operational activities to take full advantage of PIPA’s express, but highly qualified, grounds of compliance exemption.
  • Privacy Security Standards Requirements: Given the proportional nature of PIPA compliance duties, we can assist your enterprise to determine the quality and nature of privacy security standards and requirements that are specifically demanded of your organization under PIPA. Our cyber-security compliance experience allows us to also assist with consolidating multiple processes for security incident reporting where organizations are so regulated in addition to PIPA.
  • Processes for Individual Access and Correction Requests: We can develop the required policies and processes for organizations to comply with their obligations to allow, facilitate and respond to personal information access, use purposes, correction and deletion requests, including all organization responses, permitted refusals, and related compliance undertakings. Given the scrutiny that such privacy rights policies and procedures will receive from the Privacy Commissioner over time, we will design those access regimes to comply with PIPA’s related requirements and stipulations.
  • Complaints and Dispute Resolution: Internal processes to handle complaints and to resolve disputes is encouraged under PIPA, and the existence of such practices may influence when the Privacy Commissioner may decide to become involved in such matters. We can design and structure those internal complaints and dispute management processes for the purpose of mitigating, if not avoiding, the escalation of such matters: for consideration, investigation or action by the Privacy Commissioner; or, as a matter of possible civil litigation before a Court of competent jurisdiction; or, as a matter of prosecutorial investigation or action by the Crown.
Key Contacts

Duncan Card

Partner: Bermuda

T +1 441 298 3270
E Email Duncan

25 Mar 2024

PIPA Compliance is Not Just a Domestic Affair

As organizations in Bermuda prepare for the full application of the Personal Information Protection ...

14 Mar 2024

Privacy Rights Extend Outside Bermuda

As Bermuda prepares for the full application of the Personal Information Protection Act 2016 on Janu...

21 Feb 2024

Bermuda Privacy Law Compliance: Pitfalls to Avoid

Although members of the Chamber are aware that Bermuda’s Personal Information Protection Act, 2016...

8 Feb 2024

Bermuda’s promising telecommunications future

Last year was a stellar one for Bermuda’s positioning in the global array of telecommunications se...

18 Jan 2024

Technology Experience a Must for Board Composition

Corporate governance is an enterprise-wide endeavour that addresses all aspects of an organisation. ...

14 Dec 2023

Bermuda: How to improve IT project outcomes

Transformative IT projects are not for the faint of heart, as they carry with them high probabilitie...

9 Nov 2023

Navigating AI Service Contracts

Organisations are increasingly using and relying on the many commercial advantages of artificial int...

12 Oct 2023

Bermuda: Privacy and the Private Sector

Bermuda’s Personal Information Protection Act 2016, which comes into full force on January 1, 2025...

27 Jul 2023

Tech Innovation Financing Alternative

Creators of technology, whether financial services software, biotechnology, data analytics solutions...

29 Jun 2023

Bermuda’s Pragmatic Regulations

Increasingly, onshore and offshore jurisdictions alike seek to ensure that international business is...

22 Jun 2023

Lead-in to PIPA law is not too lengthy

Last Friday in the House of Assembly, the Government introduced amending legislation required to bri...

18 May 2023

Personal health information and your privacy

When Bermuda’s privacy laws come into full force, perhaps this year, one of the most sensitive are...

10 Mar 2023

Bermuda Companies with Outsourced Services Should Review Contracts

It could be the influence of the Bermuda Triangle, but the convergence of several different circumst...

27 Feb 2023

Bermuda Businesses: Are You Ready to Comply with Our New Privacy Rules?

There have been recent indications from the Bermuda Government that Bermuda’s Personal Information...

8 Feb 2023

Bermuda's Personal Information Protection Act - Are You Ready?

There have been recent indications from the Bermuda Government that Bermuda’s Personal Information...

15 Dec 2022

Insurers need well drafted commercial contracts to use artificial intelligence

It is impossible to overestimate the dependence of Bermuda’s successful insurance sector on inform...

24 Nov 2022

Information Technology, Outsourcing, Privacy & Data Protection

All aspects of Bermuda's economy rely on information technology and data processing - an essential i...

4 Nov 2022

Legally speaking: what not to do when outsourcing operations

In the course of my career, I have drafted, negotiated or otherwise provided commercial and legal ad...

15 Sep 2022

Data Protection Guide 2023: Bermuda

Data Protection Guide 2023: Bermuda. With data protection laws in more than 120 countries around the...

4 Aug 2022

PIPA’s Implications For IT Service Contracts

Increasingly, businesses in Bermuda rely on the IT and data-processing services of both domestic and...

29 Jun 2022

Avoid These 3 Common NDA Drafting Mistakes

It is difficult to think of a transaction that doesn’t begin with a confidentiality or non-disclos...

14 Nov 2023

Podcast: Technology Trends & Bermuda

Technology by nature is a constantly changing industry, and with the introduction of AI technology, ...

24 Feb 2023

Podcast: Bermuda's Imminent Privacy Law

Personal Information Protection Act (PIPA) – what do Bermuda companies need to know to be ready? L...

26 Sep 2022

Podcast: Bermuda - IT and Outsourcing Contracts

Every business relies on IT infrastructure, at the hub of which lies the integrity and confidentiali...

Twitter LinkedIn Email Save as PDF
More News