Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Bermuda: PrivCom publishes guidance on privacy in the workplace

On August 14, 2024, the Office of the Privacy Commissioner for Bermuda (PrivCom) announced on X (formerly Twitter) that it published a new guidance on privacy in the workplace. The Guidance will assist employees regarding their responsibilities, obligations, and duties under the Personal Information Protection Act 2011 (as amended in 2023) (PIPA) when using the personal information of their employees.

Key provisions

The Guidance provides practical examples and outlines the employer's obligations and responsibilities, including:

  • respect of general principles and rules such as requirements to:
    • use personal information in a lawful and fair manner (fairness);
    • provide clear, concise, easy-to-understand privacy notices;
    • collect and use personal information only for the purposes specified in the privacy notice (purpose limitation);
    • use personal information in an adequate, relevant, and not excessive manner (proportionality);
    • keep the integrity of personal information and not keep it for longer than is necessary;
    • implement appropriate security safeguards;
    • report breaches of security; and
    • respect rules on transfers to an overseas third party;
  • determination by employers, prior to using the personal information of their employees, which condition they rely upon - conditions include necessity requirement, consent, contract, legal obligation, emergency, task carried out in the public interest, and reasonable person test;
  • special considerations regarding occupational health, in particular the lawful basis and appropriate measures and policies, as well as access to medical records;
  • employer policies and employee monitoring, regarding CCTV and vehicle tracking, computer networks, internet, monitoring software, and covert surveillance in the workplace; and
  • employee rights, including the right to access, correct, block, erasure, and destruction.

You can read the press release here and the Guidance here.