MT Cybersecurity Blog

Conceptual illustration of digital security and data protection with digital display

Miller Thomson Blogs put a more conversational lens on Canadian law. See the diverse perspectives of our lawyers here.

Displaying 1-10 of 67

OSFI updates cybersecurity breach notification requirements

September 13, 2021 | David Krebs, Domenic Presta, Amanda Cutinha

The Office of the Superintendent of Financial Institutions (“OSFI”) released a new Advisory on Technology and Cyber Security Incident Reporting, effective August 13, 2021 (the “Advisory”) which seeks to govern how federally-regulated financial institutions (“FRFIs”) should disclose and report technology...


Ransomware trickles down into your supply chain – Kaseya cyberattack highlights cybersecurity risks and business impact

July 9, 2021 | David Krebs, Giovanni Giuga

Over the July long weekend, Canadian, American, and other international businesses were victims of a far-reaching ransomware attack. The REvil group, a ransomware syndicate also known as Sodin or Sodinokibi, are believed to be behind the attack. This gang’s most prominent...


Canadian organizations take note – Data Protection Authority fines foreign-based business under GDPR for not having “Article 27” representative

May 17, 2021 | David Krebs, Samantha Santos

As we have discussed in several previous articles, Canadian businesses and other organizations can be subject to the European General Data Protection Regulation (“GDPR”) for a number of reasons and in a number of different contexts, be it as a...


Ransomware – Privacy law, sanctions, and the pandemic

April 22, 2021 | David Krebs, Daniel Kiselbach, Thomas Ghag

It is trite to say that no matter the sector, size, or location of an organization, cyberattacks can be devastating. As we have seen throughout 2020 and this year in Canada and elsewhere, data breaches and operational interruptions caused by...


The Consumer Privacy Protection Act (CPPA): Increasing accountability and transparency

February 16, 2021 | Jaclyne Reive, Kristin Dosen

In a recent MT Cybersecurity Blog, we discussed Bill C-11, the Consumer Privacy Protection Act (the “CPPA”), which was introduced on November 17, 2020, by the Minister of Innovation, Science and Industry with the aim of modernizing federal privacy law...


“Made in Canada” – What is happening to Privacy by Design under the CPPA?

February 5, 2021 | David Krebs, Samantha Santos

“Privacy by Design” has long been understood as the “gold standard” of data protection and at the core of how to sustain privacy rights in the digital age. It is a concept that can be said to have been “made...


Consent and the business activities exemption: A dive into the Consumer Privacy Protection Act (CPPA)

December 29, 2020 | Lisen Bassett, Kelly Harris

Now in its Second Reading, Bill C-11, the Consumer Privacy Protection Act (“CPPA”), is moving ever closer to adoption. The opening remarks by the Bill’s sponsor, MP Navdeep Bains, emphasized the law’s focus on control and consent with the aim...


Canadian privacy law 2.0: Artificial intelligence (AI) and Bill C-11, the Consumer Privacy Protection Act

December 7, 2020 | Myron Mallia-Dare, David Krebs

In a recent announcement, the Canadian federal Privacy Commissioner of Canada (“OPC”) released a report containing recommendations on how AI should be treated under Canadian privacy law, and what protections need to be in place to ensure AI applications reach...


The dawn of Canadian Privacy Law 2.0: The Consumer Privacy Protection Act introduced

November 19, 2020 | David Krebs, Kelly Harris

The long-awaited overhaul of federal private sector privacy law, as outlined in our previous blog post, is finally here. The Digital Charter Implementation Act was introduced for First Reading on November 17, 2020, as Bill C-11. If enacted, the new...


M&A and cybersecurity – top nine ways to mitigate risk through due diligence

October 28, 2020 | Michael Caruso, Sara Josselyn, David Krebs

The authors would like to acknowledge the contribution of Iain Paterson, Chief Executive Officer at Cycura, a global team of leading cybersecurity experts headquartered in Toronto, Ontario. While the COVID-19 pandemic[1] is by no means over, increasing M&A activity and...


Displaying 1-10 of 67


This blog sets out a variety of materials relating to the law to be used for educational and non-commercial purposes only; the author(s) of this blog do not intend the blog to be a source of legal advice. Please retain and seek the advice of a lawyer and use your own good judgement before choosing to act on any information included in the blog. If you choose to rely on the materials, you do so entirely at your own risk.