Although PIPA only applies to the use of personal information in Bermuda, PIPA makes no distinction about the residence, domicile, or geographic location of the individual – defined in PIPA only as “a natural person” – whose personal information (ie any information about an identified or identifiable individual) is being used.

The reality that individuals around the world, who have no other connection to Bermuda other than the fact that an organisation is using their personal information here, can assert their privacy right under PIPA carries some important implications for all organisations that collect and use personal information in Bermuda.

There are many ways in which personal information is collected for use from individuals who are outside of Bermuda. For example, international visitors to Bermuda may provide their personal information to their hotels, to a retailer, to vehicle rental agencies, or to various medical service providers here.

As well, personal information might be provided by persons who are outside of Bermuda to local financial institutions, such as banks or investment firms, to consulting, accounting and law firms, or to the individual’s employer whose head office is on-island.

A very common circumstance where sensitive personal information is collected occurs when insurance companies from around the world provide, in the ordinary course of business, comprehensive insurance claims information to their Bermuda reinsurer.

As a jurisdiction that relies heavily on international business, Bermuda’s anti-money laundering and antiterrorism financing duties associated with “know your customer” requirements results in a significant amount of personal information, which can be highly sensitive, to be collected and used by both the private and public sectors in Bermuda.

Of course, the operation of PIPA in this regard is neither exceptional nor unintended. PIPA was fundamentally designed to protect the privacy rights of individuals from around the world here in Bermuda.

The ability of individuals to hold organisations who use their personal information fully accountable under PIPA is what makes Bermuda, in the eyes of international privacy law, a “safe harbour” that allows such personal information to be legally exported for its use in Bermuda.

However, being an international safe harbour also means that any potential breaches of PIPA, and incidents of unauthorised access to, publication of, or use of personal information, may also attract the international attention and scrutiny by both foreign privacy regulators and by potentially many individuals around the world who may be adversely affected in those potential circumstances.

First Published in The Royal Gazette, Legally Speaking column, March 2024

Share
X.com LinkedIn Email Save as PDF
More Publications
Appleby-Website-Privacy-and-Data-Protection
25 Jun 2025

Impact of Privacy Law on Bermuda Business

On 1st January 2025, Bermuda’s Personal Information Protection Act 2016 (PIPA) came into full forc...

Appleby-Website-Regulatory-Practice
25 Jun 2025

Simplified Due Diligence in Bermuda

Simplified Due Diligence (SDD) and Reduced Due Diligence (RDD) are critical features of a modern, ri...

Appleby-Website-Employment-and-Immigration
23 Jun 2025

Practical Tips for Conducting Workplace Investigations

Allegations of harassment, bullying or other misconduct in the workplace can create a legal mine fie...

Bermuda-1024x576-1
19 Jun 2025

Bermuda encourages investment with residential certificates

On March 31, 2023, the Bermuda Government replaced its previous tool intended to attract capital to ...

Appleby-Website-Insurance-and-Reinsurance
11 Jun 2025

Bermuda Paves the Way for Captive Insurers with New Stablecoin Policy

The Bermuda Monetary Authority (BMA) has announced a significant new policy framework that allows ca...

Appleby-Website-Insurance-and-Reinsurance
10 Jun 2025

Bermuda benefits from a strong and capital efficient regulatory regime

Bermuda’s long-term reinsurance sector is experiencing a new phase of complexity and scrutiny but ...

050-Insolvency-Restructuring-Grid-Image
9 Jun 2025

Bankruptcy & Restructuring – To Enforce, or not to Enforce

Bermuda’s flagship restructuring process is the appointment of provisional liquidators, whose powe...

ICLG Fintech 21 cover
5 Jun 2025

Digital transformation done right (Bermuda)

As any specialised tech lawyer or technology consultant will tell you, digital transformation projec...

Appleby-Website-Insurance-and-Reinsurance
2 Jun 2025

2025 Global Financial Crisis Stress Test: Bermuda

The Bermuda Monetary Authority (BMA) has recently published instructions for a significant data coll...

Bermuda-1024x576-1
22 May 2025

Corporate real estate acquisition in Bermuda

Corporate real estate acquisitions in Bermuda are a matter of careful balance. That is because, a...