PIPA requires all organisations, in both the public and private sectors, to act reasonably in meeting their responsibilities under the Act, as well as ensure that they use personal information in a lawful and fair manner.

The lawful part is nothing new, and the obligation to act reasonably is pervasive across statutory and contractual obligations.

However, a duty to act fairly is usually associated with public sector conduct and administrative procedure, and is comparatively new legal territory for the private sector.

Pipa is flexibly structured to impose greater duties of care and protection where there is a greater risk of harm to the individual should their personal information be wrongfully used or disclosed. Therefore, organisations have a very wide ambit of discretion and judgment along that continuum of compliance.

The conduct that a duty of fairness may require for private sector organisations under PIPA has been addressed by the Privacy Commissioner, who has published helpful guidance.

The fairness principles that the Privacy Commissioner advanced includes conduct: to handle personal information in ways that individuals would reasonably expect; to not deceive or mislead individuals; that takes into account the interests of those affected by such decisions; and, in a manner that facilitates the exercise of individual privacy rights.

That guidance very closely echoes Britain’s Information Commissioner’s Office, which is that jurisdiction’s independent body mandated to uphold information rights.

Their version of Pipa — the UK General Data Protection Regulation, which is not part of Bermuda’s privacy law — contains a similar duty of fair conduct.

The Bermuda ICO’s guidance asserts that the duty of fairness also extends to treating “… individuals fairly when they seek to exercise their rights over their data. This ties in with your obligation to facilitate the exercise of individuals’ rights”.

However, as helpful as that non-binding guidance is, a duty of fair conduct in the context of Bermuda’s imminent privacy law may also go farther.

At common law, compliance with a duty of fairness also suggests that decisions affecting others should: not be undertaken with malice or in bad faith; be in accordance with a transparent process that is followed in all situations without favouritism, bias or unequal treatment; and, avoid arbitrary decisions towards those affected.

There is no question that PIPA’s imposed duty of fairness will require the private sector to carefully consider the management and administrative measures and policies that PIPA requires all users of personal information in Bermuda to formulate and adopt by January 1, 2025.

First Published in The Royal Gazette, Legally Speaking column, October 2023

Share
Twitter LinkedIn Email Save as PDF
More Publications
23 May 2024

Regulatory oversight is key for Bermuda’s insurance sector

Bermuda’s thriving insurance and reinsurance sector requires effective regulatory oversight if it ...

9 May 2024

It is all about the data

All successful enterprises have a voracious appetite for data. The advanced abilities of IT systems ...

3 May 2024

Best Practices for Conducting Investigations into Employee Grievances

Grievance procedures are very important, but often overlooked, procedures that all employers should ...

25 Apr 2024

Trusts, and how they came to be

What traces its history through Ancient Rome and the Crusades, can have many de facto owners, none a...

8 Apr 2024

Electronic dissemination of corporate communications by Hong Kong listed issuers from an offshore perspective

In June 2023, The Stock Exchange of Hong Kong Limited published consultation conclusions to its cons...

3 Apr 2024

Bermuda: Lack of New Players Is Supporting Strong Interest in ILS

All signs point to another very strong year for the catastrophe bond and related insurance-linked se...

2 Apr 2024

Choosing the right structure for your business in Bermuda

Anyone seeking to set up a business in Bermuda has a variety of options, depending on the nature of ...

25 Mar 2024

PIPA Compliance is Not Just a Domestic Affair

As organizations in Bermuda prepare for the full application of the Personal Information Protection ...

25 Mar 2024

How Bermuda trusts can help with worldwide estate planning

Trusts still have an important role to play in onshore tax planning, as acknowledged by the British ...

14 Mar 2024

Privacy Rights Extend Outside Bermuda

As Bermuda prepares for the full application of the Personal Information Protection Act 2016 on Janu...