Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Bermuda: PrivCom publishes guidance note on harms caused from misused personal information

The Bermuda Office of the Privacy Commissioner ('PrivCom') published, on 7 September 2021, a guidance note describing the risks and potential harms to individuals that organisations and privacy officers should consider when processing personal information. In particular, the guidance note underscores that under Section 13 of the Personal Information Protection Act ('PIPA') organisations must consider the risk of harm to an individual when they are assessing what security safeguards are needed when they suffer a breach. Additionally, the guidance note states that PIPA's provisions contain flexibility to allow organisations to approach the aforementioned issues in a variety of ways. Furthermore, the guidance note provides a non-exhaustive list of privacy harms for organisations to consider if personal information of individuals gets lost, used in an unauthorised way, or otherwise misused including:

  • physical harm;
  • economic harm;
  • reputational harm;
  • relationship harm;
  • discrimination harm;
  • data quality harm;
  • lack of informed choice harm; and
  • loss of autonomy harm.

You can read the guidance note here.