What is PIPA?

The Personal Information Protection Act (PIPA) of 2016 is a law passed by the government of Bermuda. It sets the requirements for the proper use of personal information by organizations while also highlighting individuals' rights concerning this usage.

Although introduced in July 2016, the act will take full effect starting on Jan. 1, 2025 and will be enforced by independent compliance officials within the region of Bermuda.

What qualifies as personal information?

Personal information only includes information by which individuals can be identified. Personal information may also include sensitive personal information, which can only be used in more limited circumstances.

PIPA principles

According to PIPA, all organizations will be subject to the following principles:

  • Responsibility and compliance

    Every organization must adopt suitable measures to fulfill its obligations and protect the rights of individuals.

  • Conditions for using personal information

    Personal information must be used with the consent of the individual in such a way that the organization can demonstrate that the individual has consented.

  • Sensitive personal information

    Sensitive personal information must be used in a lawful, nondiscriminatory manner.

  • Fairness

    Organizations must identify valid, lawful grounds for using personal information.

  • Privacy notices

    Organizations must provide clear, easily accessible statements on their policies with respect to personal information.

  • Purpose limitation

    Organizations can only use personal information according to the specified purposes.

  • Proportionality

    Organizations must ensure that the personal information collected is adequate, relevant, and not excessive for the purposes for which it was collected.

  • Integrity of personal information

    Organizations must ensure that any personal information used is accurate and up to date to the extent necessary for the purposes of use.

  • Security safeguards

    Organizations must protect all personal information with appropriate safeguards against loss, unauthorized access, or misuse.

  • Security breaches

    In the event of a breach of security, organizations must carry out the stipulated precautionary measures without delay.

  • Transfers of personal information to an overseas third party

    In the event of personal information transfers to an overseas third party, the organization remains responsible for compliance with this act.

Complying with Bermuda's PIPA

With ManageEngine's comprehensive suite of IT management solutions, you can ensure
that compliance requirements concerning information collection, information security,
and audits are met with the utmost care and attention to detail.


Responsibility and compliance

How your organization can help

Appoint an information officer who will bear the responsibility of ensuring compliance when it comes to data processing and collection. Ensure that the data subject provides written consent to the processing of their data.

How IT can help

Identity and access management tools help establish role-based access controls so that only authorized personnel can handle sensitive data.

How ManageEngine can help

Access Manager Plus
Create custom roles with preset permissions to ensure users have only the access required to perform their tasks.

M365 Manager Plus
Establish role-based access controls for Microsoft 365 administration.

Endpoint Central
Grant the permissions of your choice based on multiple predefined and/or tailor-made roles using role-based access controls.

AD360
Select any combination of management, auditing, reporting, and alerting tasks concerning AD and Microsoft 365, then delegate them by creating custom help desk roles.

Conditions for using personal information

How your organization can help

Collect and store only the data that is required for specific, lawful purposes. Ensure that the processing of this data is done through lawful means.

How IT can help

Locate and delete junk data, including obsolete and duplicate files, using data discovery tools.

How ManageEngine can help

DataSecurity Plus
Identify anomalous data access, collection, modification, and deletion. Locate and delete junk data, including stale, duplicate, and orphaned files.

Endpoint Central
Grant the permissions of your choice based on multiple predefined and/or tailor-made roles using role-based access controls.

Sensitive personal information

How your organization can help

Limit access to sensitive personal information to only the authorized stakeholders who are tasked with processing the information.

How IT can help

Use a real-time alert mechanism to get notified about unauthorized access to, modifications of, or deletions of files with confidential information.

How ManageEngine can help

Endpoint Central
Keep personal and corporate data separate on your devices. Delete users' personal data from your servers, revoking access to that data.

Password Manager Pro
Prevent unauthorized users from exploiting privileged access to personal data repositories.

DataSecurity Plus
Identify users with full control access to files shared on Windows devices. Locate all files and folders shared with multiple users.

PAM360
Ensure that only authorized users can remotely access sensitive data for specific time periods.

Endpoint DLP Plus
Designate applications as trusted so that all sensitive data from these apps is labeled sensitive.

Fairness

How your organization can help

Identify valid, lawful grounds under PIPA for using personal information.

How IT can help

Schedule regular scans and audits to monitor the integrity of data and periodically delete outdated data.

How ManageEngine can help

DataSecurity Plus
Detect and respond to sensitive data leaks through real-time monitoring.

Endpoint DLP Plus
Consolidate and categorize personal information through predefined templates and custom mechanisms.

Privacy notices

How your organization can help

Have documents on organizational policies and practices regarding personal data management readily available for individuals to view and comprehend.

How IT can help

Maintain full transparency when it comes to privacy policies and practices. Have dedicated pages on your company's website that clearly list the data security and privacy best practices that your company follows.

How ManageEngine can help

ManageEngine's privacy policy
ManageEngine, in accordance with our parent company, Zoho Corporation, makes every effort to ensure your data is secure and not used without your consent. We only collect the information that we actually need. Some of that is information that you consent to give us when you sign up for an account, register for an event, ask for customer support, or make a purchase.

Purpose limitation

How your organization can help

Collect, store, and process data only for specific purposes and only with the consent of the data subject.

How IT can help

Locate and delete junk data, including obsolete and duplicate files, using data discovery tools.

How ManageEngine can help

Endpoint Central
Keep personal and corporate data separate on mobile devices. Delete personal data from your servers and revoke access to that data.

Password Manager Pro
Prevent unauthorized users from exploiting privileged access to personal data repositories.

ADAudit Plus
Enable real-time Windows AD auditing, logon and logoff auditing, and Windows Server auditing.

DataSecurity Plus
Find users with full control access to your Windows shares and locate the files and folders shared with everyone.

PAM360
Ensure that only authorized users can remotely access sensitive data for specific periods of time.

Proportionality

How your organization can help

The information you collect and store should be accurate, complete, and not misleading. It should only be updated when necessary.

How IT can help

A real-time alert mechanism can alert you to unauthorized access to, modifications of, or deletions of files with confidential data.

How ManageEngine can help

Endpoint Central
Schedule device scans to ensure the availability and integrity of personal data.

DataSecurity Plus
Monitor and delete outdated or incorrect data.

Browser Security Plus
Scan active browsers to ensure the protection of data.

Access Manager Plus
Create context-rich logs of user sessions and instantly send SNMP traps and syslog messages to SIEM tools to support compliance audits.

Integrity of personal information

How your organization can help

The data you collect must be stored in an organized manner, kept up to date, and held only for the duration of the purposes for which it was collected.

How IT can help

Data discovery tools can help you locate data promptly and delete or modify data upon request.

How ManageEngine can help

Log360
Audit databases to determine how long data has been stored and delete personal information once the storage threshold is reached.

DataSecurity Plus
Identify where personal and sensitive data is stored to facilitate further processing.

Endpoint DLP Plus
Scan endpoints within your network for quick data modifications or deletions upon request.

Security safeguards

How your organization can help

Take technical and organizational measures to ensure the integrity, confidentiality, and security of the collected data.

How IT can help

Detect vulnerabilities and external attacks using log management tools and perform RCA on breaches using log forensics.

How ManageEngine can help

Log360
Detect potential external threats and more using Log360's real-time correlation engine. Conduct RCA with its intuitive log search engine.

Patch Manager Plus
Scan endpoints to detect missing patches and automate the deployment of tested patches.

EventLog Analyzer
Audit all changes to personal data and all activities on systems that store personal data. Send timely alerts to data protection officers whenever the integrity of the data is being compromised.

DataSecurity Plus
Audit file and folder actions and maintain audit trails of access attempts. Trigger instant alerts to admins when suspicious activities are detected. Contain and delete ransomware infections to prevent data loss.

Endpoint DLP Plus
Limit data access to essential, relevant personnel based on their security clearance and task-specific requirements.

Security breaches

How your organization can help

Notify the proper authorities of the full details of any security breach and the measures that your organization will implement to mitigate the breach.

How IT can help

Detect, investigate, and respond to security threats using sophisticated threat detection and mitigation solutions.

How ManageEngine can help

Log360
Assess the impacts of security incidents by conducting post-attack analysis and identify attack patterns to stop future attacks.

DataSecurity Plus
Proactively detect and shut down the spread of ransomware attacks. Detect attacks and threats and automate immediate responses to them.

Transfers of personal information to an overseas third party

How your organization can help

You must only transfer data out of Bermuda to those states and territories that ensure protection for the rights and freedoms of the data subjects.

How IT can help

Monitor, authorize, or block data activities, including the movement of data between devices, to identify potential breaches ahead of time and ensure data security.

How ManageEngine can help

Endpoint Central
Set alerts in case a device does not check in with the server for a predefined period of time.

Log360
Centralize and correlate security data to identify potential data breaches instantly.

DataSecurity Plus
Monitor and block the movement of personal data to USB devices or as email attachments. Reduce incident response times with instant alerts. Generate alerts and reports on unwanted access or anomalies in file access and modifications. Maintain a document of all file and folder deletion actions.

Endpoint DLP Plus
Configure policies to restrict the movement of sensitive information to peripheral devices.

Get guidance on PIPA compliance

Talk to our experts to get more information on how your organization can
meet the PIPA compliance mandate.


Disclaimer

Fully complying with PIPA requires a variety of solutions, processes, people, and technologies. The solutions mentioned above are some IT management tools that can help with some of the act's requirements. Coupled with other appropriate solutions, processes, and people, ManageEngine's solutions can help you achieve and sustain compliance with the act. This material is provided for informational purposes only and should not be considered as legal advice for PIPA compliance. ManageEngine makes no warranties, express, implied, or statutory, as to the information in this material.