Office of the Privacy Commissioner for Bermuda Issues Data Breach Guide

Odia Kagan of Fox Rothschild writes:

The Office of the Privacy Commissioner for Bermuda has issued a helpful guide on the various types of harm that could be caused by a data breach.

The office also referred to the Future of Privacy Forum research on potential harms.

Read more here,

In their guidance, the Bermuda privacy commissioner’s office writes, in part:

PIPA section 44(3)(g), authorises the Commissioner to order an organisation that has suffered a breach of security “to provide specific information to persons in the event of a breach [of security] which is likely to cause significant harm to individuals.” [Emphasis added]

PIPA sections 47(1)(a) and (b) state that a person commits an office – or, in other words, is breaking the law – if they use, authorise use of, or gain access to personal information “in a manner that is inconsistent with this Act and is likely to cause harm to an individual or individuals.” [Emphasis added]

The guidance then goes on to describe different kinds of harms, drawing up on the scholarly typology of harms by  Daniel Solove and Danielle Citron and a categorical framework provided by Future of Privacy Forum (FPF).

It is so great to see thoughtful scholarly and advocacy work having an impact on a country’s approach to privacy and breach notification.

About the author: Dissent

Comments are closed.