Carey Olsen and Selectron in PIPA’s Pink Sandbox

An original version of this article was first published by The Royal Gazette, April 2025.

In 2021, the Office of the Privacy Commissioner launched the innovative 'Pink Sandbox'. The Privacy Innovation and Knowledge-sharing Sandbox has been designed to serve as a formal mechanism to allow PrivCom to engage with organisations early, without discouraging innovative programmes or ideas that do not have long histories of risk profiles.

The Pink Sandbox encourages a privacy by design approach that anticipates issues early, allowing partners to avoid missteps and build privacy into their products or services as a default setting.

Before PIPA came into force, PrivCom invited Bermuda organisations seeking to learn about and tool up in preparation for and in advance of its introduction to engage collaboratively.

The Pink Sandbox provided participating organisations with a fully immersive programme that included educational tools, information and support needed to understand their role and responsibilities under PIPA.

Participating organisations learnt how to conduct due diligence and data mapping exercises on the personal information they use, the different legal reasons permitting such use and how to develop and implement policies and procedures for the protection of that personal information in a manner proportionate to the risk posed by such use.

PrivCom invited participants and members of industry more generally to online training for directors, senior management, and other employees responsible for the use of personal information in Bermuda.

Selectron Ltd, a leader in the security installation industry, in collaboration with their lawyers, Carey Olsen, signed up to the Pink Sandbox in April 2022 to ensure that they were properly prepared for the introduction of PIPA in 2025.

Following PIPA's full implementation, Chris Worsick, Selectron's vice-president, said: "As a company that provides security solutions, we felt that it was imperative for us to engage in the Pink Sandbox to ensure that our team were fully equipped and trained for PIPA's implementation. We take the security and protection of our clients' and employee's personal information very seriously, and we are grateful for the PrivCom's guidance and the opportunity to engage in the Pink Sandbox."

Carey Olsen associate Mahogany Bean, and I, helped Selectron to create a full suite of privacy documents, including a privacy policy, framework, privacy notices, a due diligence plan and a data mapping tool designed to protect the personal information they use and ensure ongoing compliance with PIPA.

The Pink Sandbox provided our regulatory compliance team with an excellent opportunity to work collaboratively with Selectron and the PrivCom to understand the PIPA objectives, contribute towards the development of a culture of compliance and build a comprehensive yet proportionate approach for the team at Selectron to prepare for and maintain compliance with PIPA.

We would like to thank the Privacy Commissioner and his team for the opportunity to engage and we congratulate Selectron on their participation in the Pink Sandbox and their teams' successful completion of the PrivCom’s PIPA training programme.

Commissioner Alexander White said: “Just like other regulators around the world, PrivCom has developed "sandboxes," or structures where innovative organisations can test their product, project, or service and experiment in a controlled environment and in close co-ordination with oversight expertise. In the past, PrivCom’s Pink Sandbox focused on training and equipping participating organisations with the necessary knowledge, skills and framework geared towards PIPA compliance, as in the case of Selectron Ltd.

“In spring 2025, we will be relaunching the Pink Sandbox to support organisations which are engaged in emerging technologies and using personal information in innovative ways. We invite those interested to apply via our web site, privacy.bm.”

Carey Olsen Bermuda Limited is a limited liability company incorporated in Bermuda and approved and recognised under the Bermuda Bar (Professional Companies) Rules 2009. The use of the title "Partner" is merely to denote seniority. Services are provided on the basis of our current terms of business.