PIPA requires all organisations, in both the public and private sectors, to act reasonably in meeting their responsibilities under the Act, as well as ensure that they use personal information in a lawful and fair manner.

The lawful part is nothing new, and the obligation to act reasonably is pervasive across statutory and contractual obligations.

However, a duty to act fairly is usually associated with public sector conduct and administrative procedure, and is comparatively new legal territory for the private sector.

Pipa is flexibly structured to impose greater duties of care and protection where there is a greater risk of harm to the individual should their personal information be wrongfully used or disclosed. Therefore, organisations have a very wide ambit of discretion and judgment along that continuum of compliance.

The conduct that a duty of fairness may require for private sector organisations under PIPA has been addressed by the Privacy Commissioner, who has published helpful guidance.

The fairness principles that the Privacy Commissioner advanced includes conduct: to handle personal information in ways that individuals would reasonably expect; to not deceive or mislead individuals; that takes into account the interests of those affected by such decisions; and, in a manner that facilitates the exercise of individual privacy rights.

That guidance very closely echoes Britain’s Information Commissioner’s Office, which is that jurisdiction’s independent body mandated to uphold information rights.

Their version of Pipa — the UK General Data Protection Regulation, which is not part of Bermuda’s privacy law — contains a similar duty of fair conduct.

The Bermuda ICO’s guidance asserts that the duty of fairness also extends to treating “… individuals fairly when they seek to exercise their rights over their data. This ties in with your obligation to facilitate the exercise of individuals’ rights”.

However, as helpful as that non-binding guidance is, a duty of fair conduct in the context of Bermuda’s imminent privacy law may also go farther.

At common law, compliance with a duty of fairness also suggests that decisions affecting others should: not be undertaken with malice or in bad faith; be in accordance with a transparent process that is followed in all situations without favouritism, bias or unequal treatment; and, avoid arbitrary decisions towards those affected.

There is no question that PIPA’s imposed duty of fairness will require the private sector to carefully consider the management and administrative measures and policies that PIPA requires all users of personal information in Bermuda to formulate and adopt by January 1, 2025.

First Published in The Royal Gazette, Legally Speaking column, October 2023

Share
X.com LinkedIn Email Save as PDF
More Publications
050-Insolvency-Restructuring-Grid-Image
3 Jul 2025

Insolvency law: secured creditors take note (Bermuda)

The recent judgment delivered by the Supreme Court of Bermuda in the matter of Harold J. Darrell hig...

Appleby-Website-Insurance-and-Reinsurance
2 Jul 2025

Bermuda: Education has helped investors get more comfortable as ILS continues to grow

It’s been an exceptionally busy and record first half of the year for the catastrophe bond sector,...

Appleby-Website-Privacy-and-Data-Protection
25 Jun 2025

Impact of Privacy Law on Bermuda Business

On 1st January 2025, Bermuda’s Personal Information Protection Act 2016 (PIPA) came into full forc...

Appleby-Website-Regulatory-Practice
25 Jun 2025

Simplified Due Diligence in Bermuda

Simplified Due Diligence (SDD) and Reduced Due Diligence (RDD) are critical features of a modern, ri...

Appleby-Website-Employment-and-Immigration
23 Jun 2025

Practical Tips for Conducting Workplace Investigations

Allegations of harassment, bullying or other misconduct in the workplace can create a legal mine fie...

Bermuda-1024x576-1
19 Jun 2025

Bermuda encourages investment with residential certificates

On March 31, 2023, the Bermuda Government replaced its previous tool intended to attract capital to ...

Appleby-Website-Insurance-and-Reinsurance
11 Jun 2025

Bermuda Paves the Way for Captive Insurers with New Stablecoin Policy

The Bermuda Monetary Authority (BMA) has announced a significant new policy framework that allows ca...

Appleby-Website-Insurance-and-Reinsurance
10 Jun 2025

Bermuda benefits from a strong and capital efficient regulatory regime

Bermuda’s long-term reinsurance sector is experiencing a new phase of complexity and scrutiny but ...

050-Insolvency-Restructuring-Grid-Image
9 Jun 2025

Bankruptcy & Restructuring – To Enforce, or not to Enforce

Bermuda’s flagship restructuring process is the appointment of provisional liquidators, whose powe...

ICLG Fintech 21 cover
5 Jun 2025

Digital transformation done right (Bermuda)

As any specialised tech lawyer or technology consultant will tell you, digital transformation projec...