Bermuda’s Personal Information Protection Act 2016 (PIPA) comes into force on 1 January 2025. PIPA regulates the Bermuda Monetary Authority’s (the Authority) use of personal information. The Authority’s Privacy Notice (click) provides amongst other information, the Authority’s use of personal information and the types of organisations and individuals to whom personal information may be disclosed. In accordance with PIPA, an individual may seek to access their personal information.
Guidance:
What is a Personal Information Access Request (PIAR or Request)?
The Personal Information Protection PIPA 2016 (PIPA) provides the BMA’s personnel with certain rights to access and control personal information relating to:
- personal information about you that is in the custody or control of the BMA;
- the purposes for which the personal information has been and is being used by the BMA; and
- the names of the persons or types of persons to whom (and circumstances in which) the personal information has been and is being disclosed.
For example, staff may seek access to their personal information regarding medical, psychiatric and social work matters.
Staff may make the following administrative requests (Requests) to the Authority by submitting a PIAR, which may need to be supported by reasons. Such Requests include:
- making a correction of an error or omission in any of your personal information which is under the control of the BMA;
- requesting that the BMA not use your personal information for advertising, marketing or public relations purposes;
- requesting that the BMA not use your personal information where that use is causing or is likely to cause substantial damage or substantial distress to you;
- requesting for the BMA to erase or destroy your personal information.
Click here to submit a PIAR
[Insert text here]
Internal Review
An individual who has made a Personal Information Request Access Request (PIAR) to the Authority pursuant to the Act may request for the Authority to a review of any decision made with respect to a PIAR or of any failure to take any action that the Authority is required to take in respect of such PIAR
Time limit to request Internal Review
A request for an Internal Review must be made within six weeks of the date when the individual is notified of the Authority’s decision made in respect of the PIAR.
How to make a request for an Internal Review
Instead of applying to the Privacy Commissioner for a review of the Authority’s decision, an individual may apply for an Internal Review in writing. Please note that where this process is followed, this decision which is made by the BMA CEO, will be the final decision for the purposes of the timeframe (in accordance with PIPA) for which an individual may apply to the Privacy Commissioner for a review (i.e., such is considered the BMA’s final decision). An Internal Review request may be submitted through the PIPA portal on the Authority’s website. Once the request for Internal Review has been received, the Authority shall acknowledge the request and commence its review and respond. The Authority may contact the Applicant at any time during the Internal Review period where further information or clarity regarding the request is needed.
The Internal Review Decision
The CEO shall within six weeks after receiving a request for an Internal Review
- complete the review;
- make a decision with regard to the Internal Review request;
- notify the individual of the decision and the reasons for the decision; and
- notify the individual of their right to apply to the Privacy Commissioner of Bermuda for a review of the Authority’s decision.
Contact us
Bermuda Monetary Authority’s Privacy Officer
Dina Wilson, Director Legal Services and Enforcement
43 Victoria Street, Hamilton HM 12
Tel: (441) 278-0250
Email: PIPA@bma.bm
