MT Cybersecurity Blog

Miller Thomson Blogs put a more conversational lens on Canadian law. See the diverse perspectives of our lawyers here.

Displaying 1-10 of 79

A to-do list for incident response

October 11, 2022 | David Krebs, Amanda Cutinha

Cybersecurity incidents and data breaches arise without notice. Your organization may have fallen victim to a cyberattack or you may have received notice from a supplier that they have been attacked. Or perhaps a key employee has lost an unencrypted...


Tactical and strategic steps for successful cyber incident preparedness

September 30, 2022 | David Krebs

To kick-off this year’s cyber awareness month, we wanted to present an article that would look back on the past year along with our experience counseling organizations, large and small across all sectors, through the ordeal of cyberattacks, data extortion...


Cybersecurity for Canada’s financial institutions

September 30, 2022 | Domenic Presta

In the Office of the Superintendent of Financial Institution’s (OSFI) first Annual Risk outlook for Fiscal Year 2022-2023, the OSFI identifies the most material risks which face federally regulated financial institutions (FRFIs). Among the financial risks that the OSFI identifies...


Managing cybersecurity in M&A transactions: How to mitigate risk through due diligence

September 30, 2022 | Sara Josselyn, David Krebs

As companies have become increasingly technology-driven in recent years, a target’s cybersecurity posture has become a key focal point in the diligence process. The COVID-19 pandemic has made this concern particularly acute: notwithstanding that an increasingly large number of people...


Takeaways on privacy breach risk assessment and data security programs: Alberta Privacy Commissioner issues breach report

August 5, 2022 | Titli Datta, David Krebs

On July 29, 2022 the Office of the Information and Privacy Commissioner of Alberta (the “OIPC”) issued its report on data breaches (PDF) (the “Report”). Alberta has been the leading Canadian jurisdiction with the most long-standing experience when it comes to reviewing,...


Bill C-26: A strengthening of Canada’s cyber security through mandatory reporting of cyber incidents

June 20, 2022 | David Krebs, Jessica Modafferi

With the continuing threats posed by cyber criminals, state sponsored attacks, and other cybersecurity issues, the Canadian government has taken steps in line with those recently taken by the US government in order to protect and maintain oversight over critical...


A double-take on double-tracking: Takeaways from the privacy investigation into the Tim Hortons’ app

June 9, 2022 | Danny Alcorn, Titli Datta

A recent investigation report into Tim Hortons, co-authored by the Office of the Privacy Commissioner of Canada (“OPC“), Commission d’accès à l’information du Québec, Office of the Information and Privacy Commissioner of Alberta, and Office of the Information and Privacy...


Federal Commissioner tables recommendations for privacy law reform

May 25, 2022 | David Krebs, Titli Datta

In the context of the Canadian Government’s plans to replace the current federal private sector privacy legislation in Canada – The Personal Information Protection and Electronic Documents Act (the “PIPEDA“), the Office of the Privacy Commissioner of Canada (the “OPC“) has...


French data protection authority fines health software provider €1.5M for failing to protect personal information

May 17, 2022 | Titli Datta, David Krebs

Cybersecurity attacks, data security, and privacy breaches are no longer confined to the technical and esoteric discussions of lawyers, IT professionals, and privacy communities but rather over the past two years have become part of “coffee row” and “water cooler”...


Privacy Commissioners take stance against collection of biometric data

January 7, 2022 | David Krebs, Amanda Cutinha

The collection (and over collection) of personal information, cybersecurity incidents, and data breaches have never been more topical. Advancements in technology have led to greater global interaction and allowed for commercial efficiency in a time of limited connection. With advancements...


Displaying 1-10 of 79


This blog sets out a variety of materials relating to the law to be used for educational and non-commercial purposes only; the author(s) of this blog do not intend the blog to be a source of legal advice. Please retain and seek the advice of a lawyer and use your own good judgement before choosing to act on any information included in the blog. If you choose to rely on the materials, you do so entirely at your own risk.