On July 13, 2023, the Supreme Court of Canada (SCC) denied leave to appeal from three Ontario Court of Appeal (ONCA) decisions declining to apply the tort of intrusion upon seclusion to database defendants—i.e., organizations...more
The Federal Court of Canada released a decision on April 14, 2023 in OPC v Facebook Inc.,2023 FCC 533 [Facebook], dismissing the Privacy Commissioner's application against Facebook (now Meta Platforms, Inc.) stemming from...more
The Ontario Court of Appeal recently released a trilogy of decisions (Winder v. Marriott International, Inc., 2022 ONCA 815; Obodo v. Trans Union of Canada, Inc., 2022 ONCA 814; Owsianik v. Equifax Canada Co., 2022 ONCA 813)...more
Fintechs and other entities that contract with federally regulated financial institutions (FRFIs) should be aware of the possibility of more stringent requirements regarding risk management in their commercial...more
On June 14, 2022, federal Public Safety Minister Marco Mendicino introduced Bill C-26, An Act Respecting Cyber Security (ARCS). Intended to strengthen cybersecurity of vital services and vital systems, this proposed...more
Understanding the Draft of the Consumer Privacy Protection Act and Artificial Intelligence and Data Act -
On June 16, 2022, the Digital Charter Implementation Act, 2022 (DCIA) was introduced as Bill C-27. The DCIA will...more
6/20/2022
/ Artificial Intelligence ,
Canada ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
New Legislation ,
Personal Information
Ransomware continues to present an increasing risk to all organizations. Ransomware attacks can involve the installation of malicious software designed to block access to computer systems and/or steal data, and a...more
3/15/2022
/ Canada ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Financial Crimes ,
Financial Institutions ,
Financial Reporting ,
Popular ,
Ransomware
On November 9, 2021, the Office of the Superintendent of Financial Institutions (OFSI) launched a three-month public consultation on the Draft Guideline B-13: Technology and Cyber Risk Management....more
OSFI, the Canadian Federal Office of the Superintendent of Financial Institutions, on August 13, 2021, issued new guidance on Technology and Cyber Security Incident Reporting, replacing prior guidance of March 2019....more
8/31/2021
/ Canada ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Financial Institutions ,
Financial Services Industry ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Risk Management
Insurer AXA, among Europe's top five insurers, recently announced that it was suspending insurance coverage in France for ransomware extortion payments. AXA said it made this decision in response to concerns raised by French...more
Federal Privacy Commissioner Calls for Stronger Privacy Protections in Bill C-11 -
In November 2020, the federal government tabled Bill C-11, the proposed new private-sector privacy law that would replace the current...more
On April 30, 2021, the Government of Ontario introduced Building a Digital Ontario, the province's new digital and data strategy, which lays the foundation for Ontario to become "the world's leading digital jurisdiction."...more
The long-awaited comprehensive reform to Canada's private sector privacy legislation is now finally underway. On November 17, 2020, the Digital Charter Implementation Act, 2020 (DCIA) was introduced. The DCIA will enact the...more
Comprehensive reform to Canada's privacy legislation—which privacy experts have long anticipated—is now imminent. Today, the Minister of Innovation, Science and Industry, the Honourable Navdeep Bains, tabled the Digital...more
In its Annual Report to Parliament on the Privacy Act and Personal Information Protection and Electronic Documents Act (PIPEDA), the Office of the Privacy Commissioner (OPC) has repeated its previous calls for reform to...more
Ontario's Ministry of Government and Consumer Services recently announced that it is contemplating new private sector privacy legislation (PSPL) to govern how businesses collect, use and disclose customers' data. The Ministry...more
The Canadian Internet Registration Authority (CIRA) launched a domain name system (DNS) service on April 23, 2020. CIRA is the entity responsible for overseeing Canada's .ca country-code top-level domain (ccTLD). CIRA is...more
It is not only hackers who pose a risk to an organization's information security; hostile insiders do as well. According to Verizon, an estimated 34 percent of data breaches involve internal actors. Hostile insiders may be...more
As the COVID-19 outbreak continues, scammers and hackers are taking advantage of the fear and confusion surrounding the current circumstances by posing as reputable news sources, or offering information. These malicious...more
The OIPC has issued recent guidance for private sector organizations operating in British Columbia, which include provincially or federally incorporated companies that conduct business in the province and are subject to the...more
2020 is shaping up to be a significant year for regulation of privacy issues, with two significant events taking place so far this year. In early February, the Office of the Privacy Commissioner (OPC) commenced an action...more
3/10/2020
/ Artificial Intelligence ,
Cambridge Analytica ,
Canada ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Data Security ,
OPC ,
PIPEDA ,
Popular
Violations of privacy—already overseen by the Office of the Privacy Commissioner of Canada (as well as provincial privacy commissioners)—may soon be subject to fines under the federal Competition Act. In a statement yesterday...more
Between 2016 and 2019, Business Email Compromise (BEC) scams cost American organizations US$3.1 billion in losses and Canadian organizations US$33.6 million. This type of pervasive scam targets large and small businesses...more
10/8/2019
/ Business E-Mail Compromise (BEC) ,
CEOs ,
Cyber Attacks ,
Cybersecurity ,
Email Policies ,
Fraud ,
Internal Controls ,
Popular ,
Risk Management ,
Scams ,
Small Business ,
Vulnerability Assessments
Summer 2019 saw a flurry of major fines levied against large corporations for data breaches and other privacy violations. Ranging from a €460,000 fine under the European General Data Protection Regulation (GDPR) for a Dutch...more
The recently announced federal government cybersecurity certification program is targeted at small- and medium-sized enterprises (SMEs), but larger organizations should also take note....more