David Krebs

Associate Counsel | Saskatoon

306.667.5632

Portrait of David Krebs

Privacy and cybersecurity during COVID-19 – Tips for Canadian organizations

With the emergence of COVID-19 in Canada, organizations are faced with many additional concerns and considerations in their daily operations and strategic planning. Remote work has become the norm, and the health of employees, customers and suppliers is a key...

More

Privacy and cybersecurity during COVID-19 – Tips for Canadian organizations

With the emergence of COVID-19 in Canada, organizations are faced with many additional concerns and considerations in their daily operations and strategic planning. Remote work has become the norm, and the health of employees, customers and suppliers is a key...

More

Canadian Privacy Commissioner Tables Annual Report, Calling for Human Rights-Based Overhaul of Privacy Laws

On December 10, 2019, Commissioner Therrien presented his office’s 2019 annual report to Parliament, which was later followed by a press release highlighting key aspects of and views expressed in this latest report. Unsurprisingly, the need for privacy law reform...

More

David Krebs quoted in Canadian Bar Association National article on data protection

CBA National, "Scoping Europe's long reach on data protection"

David Krebs comments on the European Union’s General Data Protection Regulation (GDPR). Facing the threat of massive fines, Canadian businesses with interests in Europe are undertaking efforts to comply with the complexities of the European Union’s General Data Protection Regulation...

More

David Krebs interviewed about Creating a Secure Cyber Environment

Risky Business

David Krebs is interviewed on 650 CKOM program “Risky Business” about Creating a Secure Cyber Environment. Click here for the transcript or listen to the full episode.

More

David Krebs, Alicia MacNeil, and Eric Charleston are featured as part of Financier’s 2019 Annual Privacy Law Review

Annual Privacy Law Review

Data protection is one of the most important issues of our time. There is a burgeoning understanding, among the general public, across business and throughout the world, of the importance of data and the consequences of a breach. The financial...

More

“Once More Unto the (Data) Breach”…Looking back at Twelve Months of Mandatory Breach Notifications

As described in numerous previous articles over the course of 2019, the past year saw an unprecedented number of breach notifications in Canada. In Europe, under the scrutiny of the General Data Protection Regulations (“GDPR”), there were a whopping 89,200...

More

Implementing Privacy by Design

“Privacy by design” (“PbD”) is not a new concept but one that has been receiving increasing attention and legal clout in Canada, Europe, and around the world. Broadly speaking, it requires designing a system or process in a manner that...

More

Cybersecurity Risks in Medical Devices – Health Canada Adopts Guidance Document

Canadian Privacy Law Review (posted with permission from LexisNexis)

Cybersecurity and data breaches are topics of high concern for Canadians. As discussed in previous blog articles, data breaches in Canada, North America and Europe have illustrated how financially motivated hackers and human error can put personal data at risk,...

More

Practical Strategies for Responding to a Cyber-Attack

The author would like to thank the co-author of this article, Claudiu Popa[1], for his contributions and expertise in this area. Organizations across industry sectors are learning to recognize just what cyber-attacks look like, as Canadian companies are experiencing dozens...

More

Moving Back the Goalposts – Federal Commissioner Confirms a Transborder Transfers of Personal Data Remain a “Use”

Six months after it started, the consultation process on the proper treatment of transborder personal data transfers has now closed. On September 23, 2019, the Federal Privacy Commissioner (“OPC”) confirmed that transborder transfers of personal data will remain a “use” of...

More

Receiving a Data Breach Notification – Commissioner’s Guidance for Individuals, Lessons for Organizations

As reported by numerous previous articles, Canada’s federal data breach notification laws have been in effect since Nov 1, 2018, and require all organizations subject to the Personal Information Protection and Electronic Documents Act (“PIPEDA”) to report to the federal...

More

Cybersecurity Risks in Medical Devices – Health Canada Adopts Guidance Document

Cybersecurity and data breaches are topics of high concern for Canadians. As discussed in previous blog articles, data breaches in Canada, North America and Europe have illustrated how financially motivated hackers and human error can put personal data at risk,...

More

Data Breaches, GDPR Fines, and Transborder Transfers – the Challenges of Assessing Cybersecurity and Privacy Risk

Data breaches, steep fines under GDPR, and changing requirements for transborder data transfers are just a few of the headline-making issues in the first half of 2019.  It has been anything but quiet for cybersecurity and privacy professionals or organizations...

More

Impact of Recent GDPR Enforcement on Privacy Due Diligence in M&A

In our last blog article, we discussed the British data protection authority’s (“ICO”) announcement to impose large fines on British Airways and Marriott Hotels for separate large-scale data breaches affecting those businesses. In this article, we will turn our minds...

More

GDPR Shows its Teeth – UK Pursuing Record Fines for Data Breaches, Emphasizes Accountability

If there was any question as to the willingness of EU data protection authorities to pursue significant monetary penalties for violations of the European General Data Protection Regulation (“GDPR”), this past week has surely put those uncertainties to rest. The...

More

David Krebs co-presents in webinar entitled “So Your Not-For-Profit Has Been Hacked…Now What?”

Miller Thomson and BDO present a webinar on what to do in the event that your not-for-profit organization is faced with a cyber-incident. This webinar includes: Indications you’ve been hacked – things to look for PIPEDA regulations and understanding your legal...

More

Canada’s Digital Charter Triggers Reframing of Consultation on Transborder Personal Data Transfers

In April of this year, as discussed in our previous blog posts, the Office of the Privacy Commissioner of Canada (“OPC”) called for changes to the way Canadian privacy law treats transborder personal data transfers, and commenced a consultation process....

More

Managing the Many Faces of Cyber-Attacks: Lessons for the construction industry

Think BIG Magazine, 45-47

Imagine your company is part of a large infrastructure project with a host of suppliers, customers, as well as government participation and considerable public media attention. Now imagine that one morning you were told by one of your staff that...

More

David Krebs and Luanne Schlosser are quoted in The Hill Times article, “Privacy watchdog proposing rule change that could see firms revise data-use policies”

The Hill Times, "Privacy watchdog proposing rule change that could see firms revise data-use policies"

Companies could soon be rewriting their privacy policies to fit a change the privacy commissioner is contemplating that could mean getting a person’s explicit okay in all cases when their data is to be transferred across the border. Though the...

More

GDPR Turns One, eh? Current Impact on Canadian Businesses and the Road Ahead

The one-year anniversary of the European General Data Protection Regulation (”GDPR”) has nearly arrived, and there is much buzz about the impact, the level of compliance of European organizations and what lies ahead. This article will explore GDPR’s current impact...

More

Canadian Transborder Data Transfers: OPC Releases Supplemental Discussion Document

As we discussed in a recent blog post on this important issue, the Office of the Privacy Commissioner of Canada (“OPC”) last month announced its intention to interpret the “transfer” of personal information as a “disclosure” rather than a “use”...

More

Moving the Goalposts for Canadian Data: Federal Privacy Commissioner Changes Position on Cross-Border Transfers

A high profile data breach involving a US company, Equifax Inc.[i], and its Canadian subsidiary, Equifax Canada Co., along with the coming into force of the European Data Protection Regulation (“GDPR”), appear to be the driving forces behind the Office...

More

What Exemption? – Pitfalls and Stumbling Blocks in CASL and Privacy Compliance

The Canadian Anti-Spam Law (“CASL”) has been with us now for five years and it has been over 15 years since the Personal Information Protection and Electronic Documents Act (“PIPEDA”) came into force. Then why is CASL and privacy compliance...

More

Data Breach Reporting Obligations in Saskatchewan

As we have written about in previous articles, data breach notification is now mandatory in Canada for the private sector in all jurisdictions where this was not already the case (e.g Alberta under the Personal Information Protection Act). Data breach...

More

One Incident, Potentially Multiple Breach Reporting Requirements – OSFI Introduces Cyber Breach Notification Guidelines for Financial Institutions

On January 20, 2019, the Office of the Superintendent of Financial Institutions of Canada (OSFI) issued an Advisory (also read: OSFI’s Guidance on cyber incident management framework) regarding the responsibilities of federally regulated financial institutions (FRFI), including banks, federal credit...

More

Data Breach Response and Notification – One Size Doesn’t Fit All

David Krebs guest authors a blog for Legal Works and Privacy Works Sweden, on the topic of data breaches, mandatory breach reporting and the GDRP. Read Article

More

Seasonal Gifts & Entertainment: Avoiding ethical, reputational and legal pitfalls

This time of year is when we typically reach out to our customers, suppliers and employees to show appreciation and celebrate the season and end of year. Businesses foster relationships and build trust by interacting with their network, an important part...

More

OPC Releases Mandatory Breach Reporting Guidance

On October 29, 2018, the federal Office of the Privacy Commissioner (“OPC”) published the final version of its guidelines in connection with mandatory reporting of breaches of security safeguards (the “Guidelines”), ahead of the coming into force of the Breach of Security Safeguards Regulations (the “Regulations”)...

More