Bermuda’s Personal Information Protection Act 2016 (PIPA) comes into force on 1 January 2025. PIPA regulates the Bermuda Monetary Authority’s (the Authority or BMA) use of personal information.
The Authority’s Privacy Notice provides amongst other information, the Authority’s use of personal information and the types of organisations and individuals to whom personal information may be disclosed. In accordance with PIPA, an individual may seek to access their personal information.
Guidance
What is a Personal Information Access Request (PIAR or Request)?
The Personal Information Protection PIPA 2016 (PIPA) provides an individual with certain rights to access and control their personal information. Therefore, an individual can submit a PIAR to the Authority to seek:
- personal information about you that is in the custody or control of the BMA;
- the purposes for which your personal information has been and is being used by the BMA; and
- the names of the persons or types of persons to whom (and circumstances in which) your personal information has been and is being disclosed.
For example, an individual may seek access to their personal information regarding medical, psychiatric and social work matters.
Additionally, an individual may make the following administrative requests to the Authority by submitting a PIAR, which may need to be supported by reasons such as:
- making a correction of an error or omission in any of your personal information which is under the control of the BMA;
- requesting that the BMA not use your personal information for advertising, marketing or public relations purposes;
- requesting that the BMA not use your personal information where that use is causing or is likely to cause substantial damage or substantial distress to you;
- requesting for the BMA to erase or destroy your personal information.
Click here to submit a PIAR [button]
To assist the BMA in verifying the identity of an individual who is making a request to access their personal information, the BMA will seek the following evidence of identity upon submission of a PIAR.
- Certified copy of valid passport; or
- Certified copy of valid driver’s licence; or
- Certified copy of birth certificate
If a third party is submitting the request on behalf of an individual, then the BMA will seek the following additional evidence.
- Certified copy of a valid power of attorney
Internal Review
An individual who has made a Personal Information Request Access Request (PIAR) to the Authority pursuant to PIPA may request for the Authority to a review of any decision made with respect to a PIAR or of any failure to take any action that the Authority is required to take in respect of such PIAR
Time limit to request Internal Review
A request for an Internal Review must be made within six weeks of the date when the individual is notified of the Authority’s decision made in respect of the PIAR.
How to make a request for an Internal Review
Instead of applying to the Privacy Commissioner for a review of the Authority’s decision, an individual may apply for an Internal Review in writing. Please note that where this process is followed, the decision which is made by the BMA CEO, will be the final decision for the purposes of the timeframe (in accordance with PIPA) for which an individual may apply to the Privacy Commissioner for a review (i.e., such is considered the BMA’s final decision). An Internal Review request may be submitted through the PIPA portal on the Authority’s website. Once the request for Internal Review has been received, the Authority shall acknowledge the request, commence its review and respond. The Authority may contact the individual at any time during the Internal Review period where further information or clarity regarding the request is needed.
The Internal Review Decision
The CEO shall within six weeks after receiving a request for an Internal Review:
- complete the review;
- make a decision;
- notify the individual of the decision and the reasons for the decision; and
- notify the individual of their right to apply to the Privacy Commissioner of Bermuda for a review of the Authority’s decision.
Contact us
Bermuda Monetary Authority’s Privacy Officer
Dina Wilson, Director Legal Services and Enforcement
43 Victoria Street, Hamilton HM 12
Tel: (441) 278-0250
Email: PIPA@bma.bm
