MT Cybersecurity Blog

Conceptual illustration of digital security and data protection with digital display

Miller Thomson Blogs put a more conversational lens on Canadian law. See the diverse perspectives of our lawyers here.

Displaying 1-10 of 61

Consent and the business activities exemption: A dive into the Consumer Privacy Protection Act (CPPA)

December 29, 2020 | Lisen Bassett, Kelly Harris

Now in its Second Reading, Bill C-11, the Consumer Privacy Protection Act (“CPPA”), is moving ever closer to adoption. The opening remarks by the Bill’s sponsor, MP Navdeep Bains, emphasized the law’s focus on control and consent with the aim...


Canadian privacy law 2.0: Artificial intelligence (AI) and Bill C-11, the Consumer Privacy Protection Act

December 7, 2020 | Myron Mallia-Dare, David Krebs

In a recent announcement, the Canadian federal Privacy Commissioner of Canada (“OPC”) released a report containing recommendations on how AI should be treated under Canadian privacy law, and what protections need to be in place to ensure AI applications reach...


The dawn of Canadian Privacy Law 2.0: The Consumer Privacy Protection Act introduced

November 19, 2020 | David Krebs, Kelly Harris

The long-awaited overhaul of federal private sector privacy law, as outlined in our previous blog post, is finally here. The Digital Charter Implementation Act was introduced for First Reading on November 17, 2020, as Bill C-11. If enacted, the new...


M&A and cybersecurity – top nine ways to mitigate risk through due diligence

October 28, 2020 | Michael Caruso, Sara Josselyn, David Krebs

The authors would like to acknowledge the contribution of Iain Paterson, Chief Executive Officer at Cycura, a global team of leading cybersecurity experts headquartered in Toronto, Ontario. While the COVID-19 pandemic[1] is by no means over, increasing M&A activity and...


40% of data breach records insufficient – Canadian Privacy Commissioner releases findings on data breach register inspections

October 5, 2020 | David Krebs, Elissa Brock

As the Canadian Office of the Privacy Commissioner (“OPC”) signaled it would do at the end of 2019, it completed a targeted investigation of data breach registers at a select number of organizations. The OPC released has now released a...


British Columbia Court of Appeal upholds certification of data breach class action 

September 14, 2020 | David Krebs

Following in the footsteps of Jones v. Tsige from the Court of Appeal for Ontario in 2012, the recent British Columbia Court of Appeal decision in Tucci v. Peoples Trust Co. (2020 BCCA 246) appears to be solidifying the future...


Ontario government launches consultations on establishing provincial privacy regime for private sector

August 28, 2020 | David Krebs, Amanda Cutinha

On August 13, 2020, the Ontario Government (the “Government”) launched consultations on establishing provincial privacy legislation for the private sector, likely including not-for-profits and charities. The collection, use, and disclosure of personal information is currently governed by federal legislation, the...


Responding to cyber-attacks – lessons for Saskatchewan municipalities from recent data breaches

August 20, 2020 | David Krebs, Troy Baril, Danny Alcorn, Jacey Safnuk

Privacy concerns are at the forefront of our increasingly digital world, with cybercrime such as ransomware, business email compromise and phishing attacks becoming a noticeable risk for organizations. It is essential for municipalities to understand their minimum responsibilities under Saskatchewan...


European Data Protection Board (EDPB) releases FAQ on “Schrems II”: A primer for Canadian organizations

August 4, 2020 | David Krebs, Amanda Cutinha

As we have reported previously, on July 16, 2020, the Court of Justice of the European Union (“CJEU”) released its decision in the case of Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems (“Schrems II”), which ruled that...


“Schrems II” decides validity of personal data transfer mechanisms – impact on Canadian organizations

July 20, 2020 | David Krebs, Amanda Cutinha

On July 16, 2020, the Court of Justice of the European Union (“CJEU”) released its long-awaited decision regarding the validity of existing personal data transfer mechanisms outside the EU under the General Data Protection Regulation (“GDPR”), the so-called “Schrems II”...


Displaying 1-10 of 61


This blog sets out a variety of materials relating to the law to be used for educational and non-commercial purposes only; the author(s) of this blog do not intend the blog to be a source of legal advice. Please retain and seek the advice of a lawyer and use your own good judgement before choosing to act on any information included in the blog. If you choose to rely on the materials, you do so entirely at your own risk.