Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Bermuda: PrivCom publishes guidance on privacy in the workplace
On August 14, 2024, the Office of the Privacy Commissioner for Bermuda (PrivCom) announced on X (formerly Twitter) that it published a new guidance on privacy in the workplace. The Guidance will assist employees regarding their responsibilities, obligations, and duties under the Personal Information Protection Act 2011 (as amended in 2023) (PIPA) when using the personal information of their employees.
Key provisions
The Guidance provides practical examples and outlines the employer's obligations and responsibilities, including:
- respect of general principles and rules such as requirements to:
- use personal information in a lawful and fair manner (fairness);
- provide clear, concise, easy-to-understand privacy notices;
- collect and use personal information only for the purposes specified in the privacy notice (purpose limitation);
- use personal information in an adequate, relevant, and not excessive manner (proportionality);
- keep the integrity of personal information and not keep it for longer than is necessary;
- implement appropriate security safeguards;
- report breaches of security; and
- respect rules on transfers to an overseas third party;
- determination by employers, prior to using the personal information of their employees, which condition they rely upon - conditions include necessity requirement, consent, contract, legal obligation, emergency, task carried out in the public interest, and reasonable person test;
- special considerations regarding occupational health, in particular the lawful basis and appropriate measures and policies, as well as access to medical records;
- employer policies and employee monitoring, regarding CCTV and vehicle tracking, computer networks, internet, monitoring software, and covert surveillance in the workplace; and
- employee rights, including the right to access, correct, block, erasure, and destruction.