Protection Against Personal Information Misuse

July 4, 2016

Economic Development Minister Dr Grant Gibbons tabled the Personal Information Protection Bill [PIPA] in the House of Assembly on Friday, saying “this legislation will also go a long way in providing protection against the potential misuse of personal information.”

Minister Gibbons said, “The Personal Information Protection Bill, also known as the PIPA, tabled earlier today, marks a milestone in the history of human rights in Bermuda.

“It provides all Bermuda residents with the right to have their personal information protected, known as the right to ‘informational privacy’ which is considered to be a basic human right in many countries. The PIPA Bill is critical for our advancement and recognition as a democratic and just society and also for the protection of Bermuda’s economic interests.

“We provide our personal information to organisations on a daily basis and have little knowledge about how that information is being used, shared and whether it is kept securely. This is particularly concerning in the digital age. While we understand that organisations need to use our personal information in order to provide services, it is only reasonable that we have some control over the use of the information that we provide to them.

“The PIPA Bill sets out the rights of individuals with respect to the use of their personal information by organisations. This legislation will also go a long way in providing protection against the potential misuse of personal information.

“The PIPA will apply to all organisations, businesses and the government that use personal information in Bermuda. The Bill outlines the requirements for organisations that use personal information to provide services for legitimate purposes, balanced against the individual’s rights. It also details a set of internationally accepted privacy principles that reflect accepted standards of good business practices for the use of personal information.

Minister Gibbons’s full statement follows below:

Mr. Speaker,
The Personal Information Protection Bill, also known as the PIPA, tabled earlier today, marks a milestone in the history of human rights in Bermuda. It provides all Bermuda residents with the right to have their personal information protected, known as the right to “informational privacy” which is considered to be a basic human right in many countries. The PIPA Bill is critical for our advancement and recognition as a democratic and just society and also for the protection of Bermuda’s economic interests.

Mr. Speaker,
We provide our personal information to organisations on a daily basis and have little knowledge about how that information is being used, shared and whether it is kept securely. This is particularly concerning in the digital age. While we understand that organisations need to use our personal information in order to provide services, it is only reasonable that we have some control over the use of the information that we provide to them.

The PIPA Bill sets out the rights of individuals with respect to the use of their personal information by organisations. This legislation will also go a long way in providing protection against the potential misuse of personal information.

Mr. Speaker,
The PIPA legislation will also bring Bermuda in line with our competitors. More and more jurisdictions allow the transfer of personal information only to countries they feel provide adequate protection. This list includes the European Union, in particular. We intend to submit an application to the European Union to be deemed “Adequate” in order to join this network of trusted countries.

In the light of “Brexit” and the UK leaving the European Union, a finding of “Adequacy” from the EU becomes even more important and would certainly provide Bermuda with a significant competitive advantage. Privacy legislation is also recognized as a major requirement for a country’s successful cybersecurity framework and for a vibrant digital economy.

Mr. Speaker,
The PIPA will apply to all organisations, businesses and the government that use personal information in Bermuda. The Bill outlines the requirements for organisations that use personal information to provide services for legitimate purposes, balanced against the individual’s rights. It also details a set of internationally accepted privacy principles that reflect accepted standards of good business practices for the use of personal information.

Many organisations have already adopted privacy practices either to comply with certain obligations or as matter of good business, as it builds trust. In keeping with our business friendly light regulatory traditions, PIPA avoids some of the administrative burdens placed on organisations that exist elsewhere, particularly in other small jurisdictions, with this type of legislation.

Mr. Speaker,
In the Department of E-Commerce’s ICT benchmarking report 2014-15, 97% of Bermuda’s residents believe that it is important to protect their personal information. While the PIPA provides important rights and protections that do not presently exist and are both welcome and necessary, we recognise that it will take time for organisations to prepare. That is why we do not intend to bring the PIPA into force for an approximate period of two years. During this time, the Privacy Commissioner will be issuing guidance and advice to assist organisations in their readiness for the implementation of the PIPA.

Mr. Speaker,
The introduction of the PIPA will also provide an important complement to the PATI legislation. Privacy is often confused with Freedom of Information. They have similarities but are different. They both exist to prevent abuses and they both provide for an individual’s right to access to information. However in PATI, this is limited to government information only. The PIPA provides rights for individuals to control the use of their personal information by all organisations, whereas PATI does not.

Mr. Speaker,
Our work has now been completed as promised in the “Speech From the Throne” in November, 2014. A significant amount of time, effort and research has gone into the development of the PIPA Bill in order to develop a privacy model that meets Bermuda’s unique requirements. The model on which the PIPA Bill is based went out for public consultation last summer and there has been support expressed for this legislation. As a result of the feedback received during that exercise, the model was refined. In addition, there have been several important developments in the international privacy arena as of late. The EU have issued new privacy regulations known as the General Data Protection Regulation [GDPR], and a new framework for the transfer of personal information between the EU and the US or “Privacy Shield”, as it is called, has also been developed. These have also been taken into consideration in the PIPA Bill. We feel that the Bill before you today provides a framework that balances comprehensive informational privacy rights with sensible regulation and that meets current international standards.

Mr. Speaker,
Most importantly, the PIPA Bill is for every individual, their family and friends. Without it, we are all at risk. That is why with this legislation we are drawing a line in the sand, and ensuring that informational privacy protection will now be a fundamental and enshrined core right in Bermuda.

Read More About

Category: All

.