PIPA requires all organisations, in both the public and private sectors, to act reasonably in meeting their responsibilities under the Act, as well as ensure that they use personal information in a lawful and fair manner.

The lawful part is nothing new, and the obligation to act reasonably is pervasive across statutory and contractual obligations.

However, a duty to act fairly is usually associated with public sector conduct and administrative procedure, and is comparatively new legal territory for the private sector.

Pipa is flexibly structured to impose greater duties of care and protection where there is a greater risk of harm to the individual should their personal information be wrongfully used or disclosed. Therefore, organisations have a very wide ambit of discretion and judgment along that continuum of compliance.

The conduct that a duty of fairness may require for private sector organisations under PIPA has been addressed by the Privacy Commissioner, who has published helpful guidance.

The fairness principles that the Privacy Commissioner advanced includes conduct: to handle personal information in ways that individuals would reasonably expect; to not deceive or mislead individuals; that takes into account the interests of those affected by such decisions; and, in a manner that facilitates the exercise of individual privacy rights.

That guidance very closely echoes Britain’s Information Commissioner’s Office, which is that jurisdiction’s independent body mandated to uphold information rights.

Their version of Pipa — the UK General Data Protection Regulation, which is not part of Bermuda’s privacy law — contains a similar duty of fair conduct.

The Bermuda ICO’s guidance asserts that the duty of fairness also extends to treating “… individuals fairly when they seek to exercise their rights over their data. This ties in with your obligation to facilitate the exercise of individuals’ rights”.

However, as helpful as that non-binding guidance is, a duty of fair conduct in the context of Bermuda’s imminent privacy law may also go farther.

At common law, compliance with a duty of fairness also suggests that decisions affecting others should: not be undertaken with malice or in bad faith; be in accordance with a transparent process that is followed in all situations without favouritism, bias or unequal treatment; and, avoid arbitrary decisions towards those affected.

There is no question that PIPA’s imposed duty of fairness will require the private sector to carefully consider the management and administrative measures and policies that PIPA requires all users of personal information in Bermuda to formulate and adopt by January 1, 2025.

First Published in The Royal Gazette, Legally Speaking column, October 2023

Share
X.com LinkedIn Email Save as PDF
More Publications
Appleby-Website-Privacy-and-Data-Protection
28 Jul 2025

Insights from the BMA’s Second Consultation Paper on Digital Identity Service Providers

As jurisdictions around the world grapple with the complexities of authenticating digital identities...

Technology and Innovation
24 Jul 2025

Contracts to Manage AI Risk: Part Two (Bermuda)

In part one of this two-part series about artificial intelligence contracts, I discussed the ways th...

Technology and Innovation
22 Jul 2025

Contracts to Manage AI Risk (Bermuda)

This is the first of a two-part article on how artificial intelligence contracts can be used to mana...

Appleby-Website-Insurance-and-Reinsurance
15 Jul 2025

Captives are the grass roots of Bermuda risk

Bermuda has seen tremendous growth in the life reinsurance and insurance-linked securities markets i...

050-Insolvency-Restructuring-Grid-Image
10 Jul 2025

Bermuda: Restructuring & Insolvency

This country-specific Q&A provides an overview of Restructuring & Insolvency laws and regulations ap...

050-Insolvency-Restructuring-Grid-Image
3 Jul 2025

Insolvency law: secured creditors take note (Bermuda)

The recent judgment delivered by the Supreme Court of Bermuda in the matter of Harold J. Darrell hig...

Appleby-Website-Insurance-and-Reinsurance
2 Jul 2025

Bermuda: Education has helped investors get more comfortable as ILS continues to grow

It’s been an exceptionally busy and record first half of the year for the catastrophe bond sector,...

Appleby-Website-Privacy-and-Data-Protection
25 Jun 2025

Impact of Privacy Law on Bermuda Business

On 1st January 2025, Bermuda’s Personal Information Protection Act 2016 (PIPA) came into full forc...

Appleby-Website-Regulatory-Practice
25 Jun 2025

Simplified Due Diligence in Bermuda

Simplified Due Diligence (SDD) and Reduced Due Diligence (RDD) are critical features of a modern, ri...

Appleby-Website-Employment-and-Immigration
23 Jun 2025

Practical Tips for Conducting Workplace Investigations

Allegations of harassment, bullying or other misconduct in the workplace can create a legal mine fie...