Odia Kagan of Fox Rothschild writes:
The Office of the Privacy Commissioner for Bermuda has issued a helpful guide on the various types of harm that could be caused by a data breach.
The office also referred to the Future of Privacy Forum research on potential harms.
Read more here,
In their guidance, the Bermuda privacy commissioner’s office writes, in part:
PIPA section 44(3)(g), authorises the Commissioner to order an organisation that has suffered a breach of security “to provide specific information to persons in the event of a breach [of security] which is likely to cause significant harm to individuals.” [Emphasis added]
PIPA sections 47(1)(a) and (b) state that a person commits an office – or, in other words, is breaking the law – if they use, authorise use of, or gain access to personal information “in a manner that is inconsistent with this Act and is likely to cause harm to an individual or individuals.” [Emphasis added]
The guidance then goes on to describe different kinds of harms, drawing up on the scholarly typology of harms by Daniel Solove and Danielle Citron and a categorical framework provided by Future of Privacy Forum (FPF).
It is so great to see thoughtful scholarly and advocacy work having an impact on a country’s approach to privacy and breach notification.