MT Cybersecurity Blog

Conceptual illustration of digital security and data protection with digital display

Miller Thomson Blogs put a more conversational lens on Canadian law. See the diverse perspectives of our lawyers here.

Displaying 1-10 of 74

Bill C-26: A strengthening of Canada’s cyber security through mandatory reporting of cyber incidents

June 20, 2022 | David Krebs, Jessica Modafferi

With the continuing threats posed by cyber criminals, state sponsored attacks, and other cybersecurity issues, the Canadian government has taken steps in line with those recently taken by the US government in order to protect and maintain oversight over critical...


A double-take on double-tracking: Takeaways from the privacy investigation into the Tim Hortons’ app

June 9, 2022 | Danny Alcorn, Titli Datta

A recent investigation report into Tim Hortons, co-authored by the Office of the Privacy Commissioner of Canada (“OPC“), Commission d’accès à l’information du Québec, Office of the Information and Privacy Commissioner of Alberta, and Office of the Information and Privacy...


Federal Commissioner tables recommendations for privacy law reform

May 25, 2022 | David Krebs, Titli Datta

In the context of the Canadian Government’s plans to replace the current federal private sector privacy legislation in Canada – The Personal Information Protection and Electronic Documents Act (the “PIPEDA“), the Office of the Privacy Commissioner of Canada (the “OPC“) has...


French data protection authority fines health software provider €1.5M for failing to protect personal information

May 17, 2022 | Titli Datta, David Krebs

Cybersecurity attacks, data security, and privacy breaches are no longer confined to the technical and esoteric discussions of lawyers, IT professionals, and privacy communities but rather over the past two years have become part of “coffee row” and “water cooler”...


Privacy Commissioners take stance against collection of biometric data

January 7, 2022 | David Krebs, Amanda Cutinha

The collection (and over collection) of personal information, cybersecurity incidents, and data breaches have never been more topical. Advancements in technology have led to greater global interaction and allowed for commercial efficiency in a time of limited connection. With advancements...


Quebec’s new privacy law (Bill 64) is here – Canadian businesses take note!

October 12, 2021 | David Krebs, Alexandre Ajami, Amanda Cutinha

While federal attempts to modernize Canadian law, in the form of Bill C-11, is languishing in privacy purgatory, the province of Quebec has completed the first step of its journey to bring its law in close alignment with those of...


Privacy injunctions: the judicial response to cyber ransom demands

September 30, 2021 | Gerald D. Chipeur

Ransom demands from cyber terrorists have become an epidemic for businesses in Canada. As we have reported in previous articles, both for-profit and not-for profit businesses have been impacted. Governments and charities have not been spared from the destruction and...


OSFI updates cybersecurity breach notification requirements

September 13, 2021 | David Krebs, Domenic Presta, Amanda Cutinha

The Office of the Superintendent of Financial Institutions (“OSFI”) released a new Advisory on Technology and Cyber Security Incident Reporting, effective August 13, 2021 (the “Advisory”) which seeks to govern how federally-regulated financial institutions (“FRFIs”) should disclose and report technology...


Ransomware trickles down into your supply chain – Kaseya cyberattack highlights cybersecurity risks and business impact

July 9, 2021 | David Krebs, Giovanni Giuga

Over the July long weekend, Canadian, American, and other international businesses were victims of a far-reaching ransomware attack. The REvil group, a ransomware syndicate also known as Sodin or Sodinokibi, are believed to be behind the attack. This gang’s most prominent...


Canadian organizations take note – Data Protection Authority fines foreign-based business under GDPR for not having “Article 27” representative

May 17, 2021 | David Krebs, Samantha Santos

As we have discussed in several previous articles, Canadian businesses and other organizations can be subject to the European General Data Protection Regulation (“GDPR”) for a number of reasons and in a number of different contexts, be it as a...


Displaying 1-10 of 74


This blog sets out a variety of materials relating to the law to be used for educational and non-commercial purposes only; the author(s) of this blog do not intend the blog to be a source of legal advice. Please retain and seek the advice of a lawyer and use your own good judgement before choosing to act on any information included in the blog. If you choose to rely on the materials, you do so entirely at your own risk.