Imran Ahmad

Partner | Toronto

416.597.6031

Portrait of Imran Ahmad

Highlights of the USMCA

On September 30, 2018, the United States, Mexico and Canada reached a new trade agreement, the United States–Mexico-Canada Agreement (“USMCA”). This agreement maintains a free-trade zone between the three countries and could be signed prior to December 1, 2018. The...

More

NIST Launches Privacy Framework Initiative

For many years, the cybersecurity framework developed by the U.S. Department of Commerce’s National Institute of Standards and Technology (“NIST”) has been relied upon by organizations around the world as a foundational framework document. Given its success in the cybersecurity...

More

Canadian Commissioner Seeks Stronger Privacy Laws

Last week, the Office of the Privacy Commissioner (the “OPC”) released its 2017-2018 Annual Report (the “Report”). The Commissioner took the opportunity to raise serious concerns around the adequacy of Canadian privacy laws in the face of an increasingly digital...

More

Mandatory Breach Draft Guidance Released

On September 17, 2018, the federal Office of the Privacy Commissioner (“OPC”) published its draft guidance about mandatory reporting of breaches of security safeguards (“Draft Guidelines”).  The OPC is seeking public comments as it readies itself for a November 1,...

More

Getting Privacy Due Diligence Right

Increasingly, a key asset that organizations hold is the sensitive data they collect, use and retain about their customers, employees and suppliers. It is, therefore, no surprise that data security and privacy compliance have become a top-of-mind consideration for organizations...

More

Upcoming Mandatory Breach Notification Refresher

In keeping with the global movement towards increased data protection legislation, as evidenced by the recent enactment of the General Data Protection Regulation (GDPR) in Europe and similar legislation adopted in California and Brazil,  Canada will (as of November 1,...

More

Brazilian GDPR Comes into Force

On August 14, 2018, less than three months after the coming into force of the European General Data Privacy Protection Regulation (“GDPR”), the President of Brazil sanctioned, with partial veto, bill PLC 53/2018, which regulates the protection of personal information...

More

Legal Considerations of Blockchain Technology

Commonly known as Bitcoin’s underlying technology, blockchain is widely discussed but poorly understood. According to an HSBC global survey, 80% of individuals who have heard of “blockchain” said they do not understand it. While the technology has the potential to...

More

Canadian Privacy Commissioner Says Public Profiles Are Private

On June 12, 2018, the Office of the Privacy Commissioner (“OPC”) [1] released its report [2] into Profile Technology Ltd.’s (“Profile Technology”) use of “publicly available” Facebook profiles. The OPC concluded that Profile Technology had not obtained the necessary consents from individuals...

More

Links in the blockchain: Creating smarter contracts

Plant Magazine

In a 2016 World Economic Forum report, it was suggested smart contracts based on blockchain technology could potentially codify financial agreements in a shared platform and guarantee execution based on mutually agreed conditions. This would significantly reduce manual efforts required...

More

GDPR Compliance for Canadian Organizations

The European Union’s General Data Protection Regulation (the “GDPR”) came into force on May 25 of this year. While the GDPR has been a hot topic for some time in Europe, it has only recently begun to hit the radar...

More

California Passes New Privacy Law

As of January 1, 2020, organizations around the world who process personal data of California residents will be required to comply with the new provisions of the California Civil Code, as amended by the California Consumer Privacy Act of 2018...

More

Implicit Waiver of Privilege

Overview Solicitor-client privilege and litigation privilege are a fundamental component of our justice system. Solicitor-client privilege is intended to provide “full, free and frank communication between those who need legal advice and those who are best able to provide it,”...

More

Meaningful Consent Under PIPEDA

As part of its effort to “breathe life” into the way consent under the Personal Information Protection and Electronic Documents Act (“PIPEDA”) is obtained, the Office of the Privacy Commissioner of Canada, along with the Offices of the Information and...

More

Canada-U.S. Trade War? Canada Retaliates with New Tariffs on U.S. Goods

On June 29, 2018, the Canadian Government announced that it would implement countermeasures in response to what it called “unjustified tariffs on Canadian steel and aluminum products.” These countermeasures are in direct response to the United States imposing tariffs on...

More

New Canadian Cybersecurity Era?

On June 12, 2018, Public Safety Canada published Canada’s new National Cyber Security Strategy (the “2018 Cyber Strategy”). The 2018 Cyber Strategy details three national cybersecurity goals and the principles that will be followed over the next five years in...

More

NIST Cybersecurity Framework Updated

Recently, the U.S. Commerce Department’s National Institute of Standards and Technology (“NIST”) released Version 1.1 of its popular Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”). This revised version refines, clarifies and enhances Version 1.0 of the Framework released in...

More

How Smart is Your Contract? Legal Considerations Around Smart Contracts

Ontario Bar Association Information Technology and Intellectual Property Law section

In a 2016 report[1] by the World Economic Forum, it was suggested that smart contracts based on blockchain technology could potentially codify financial agreements in a shared platform and guarantee execution based on mutually agreed conditions. This would significantly reduce manual...

More

How Smart is Your Contract? Legal Considerations Around Smart Contracts

In a 2016 report by the World Economic Forum,[1] it was suggested that smart contracts based on blockchain technology could potentially codify financial agreements in a shared platform and guarantee execution based on mutually agreed conditions. This would significantly reduce...

More

Connected and Protected: Insuring Your Business Against Cyber Breaches

It was not long ago that a company’s cybersecurity plan was centred around the IT department, keeping internal networks protected and staying alert to malware and virus threats. Now, the risks have evolved: as companies have moved to more cloud...

More

It’s Official: Mandatory Data Breach Notification Coming on November 1, 2018

Last week, the Government of Canada published an Order in Council that will bring into force, as of November 1, 2018, the much anticipated mandatory breach notification and record-keeping requirements under the Personal Information Protection and Electronic Documents Act (“PIPEDA”)....

More

It’s Official: Mandatory Data Breach Notification Coming on November 1, 2018

Last week, the Government of Canada published an Order in Council that will bring into force, as of November 1, 2018, the much anticipated mandatory breach notification and record-keeping requirements under the Personal Information Protection and Electronic Documents Act (“PIPEDA”)....

More

CBSA’s 2018 Trade Compliance Priorities: Which Goods Are On Their Radar?

Recently, the Canada Border Services Agency (the “CBSA”) released its Trade Compliance Verification priorities for 2018. The CBSA manages trade compliance with the (i) Tariff Classification, (ii) Customs Valuation, and (iii) Origin programs. This is done by way of random...

More

Key Cybersecurity Takeaways from the Privacy Commissioner’s Investigation into VTech

Earlier this year, the Office of the Privacy Commissioner of Canada (the “OPC”) published its findings from the investigation it conducted into the data breach suffered by VTech. The OPC’s findings provide Canadian businesses with some helpful guidance about (i)...

More

Cybersecurity Considerations When Moving to the Cloud – Part 2

This Article is Part Two of a Two-Part Series Part One provides an overview of the essential elements of the cloud computing ecosystem and describes what it means to be in the cloud. It concludes by setting out the first...

More

Cybersecurity Considerations When Moving to the Cloud – Part 1

This Article is Part One in a Two-Part Series Many organizations view the cloud as a cost-effective and practical approach when it comes to data processing, access, storage and management.  A common misconception among organizations migrating their data to the...

More

Key Lessons from Federal Trade Commission’s 2017 Report on Privacy and Data Security

On January 18, 2018, the U.S. Federal Trade Commission (the “FTC”) released its annual report on Privacy & Data Security for 2017 (the “Report”). The Report reviews the FTC’s privacy and data security related activities in 2017, including in the...

More

Federal Budget Allocates Significant Funds towards Cybersecurity

On February 27, 2018, the Minister of Finance tabled Budget 2018 – Equality + Growth: A Strong Middle Class (the “Budget”) before Parliament. The Budget includes investments in several key areas of the Canadian economy, including in the area of...

More

Going driverless: Legal considerations for the auto industry

Plant Magazine

When the first Michael Bay Transformer movie was released in 2007 depicting alien robots that could transform into driverless vehicles of various sizes, the idea of such autonomous contraptions seemed far-fetched. Today, autonomous and connected vehicles are much closer to...

More

Cybersecurity: Five Guiding Principles for Boards

Data breaches and cyber-attacks continue to represent important threats to businesses of all shapes and sizes. High-profile data breaches have prompted heightened regulatory, shareholder, and public scrutiny of boardroom preparedness. While the importance of cybersecurity at the Board level may...

More

Extraterritorial Scope of GDPR: Do Canadian Businesses Need to Comply?

The European Union’s General Data Protection Regulation (the “GDPR”) will be coming into force on May 25 of this year. While the GDPR has been a hot topic for some time in Europe, it has only recently begun to hit...

More

Senate Committee Report On Autonomous Vehicles Emphasizes Cybersecurity and Privacy

On January 29, 2018, the Standing Senate Committee on Transport and Communications (the “Committee”) released a report titled Driving Change: Technology and the future of the automated vehicle (the “Report”), which highlighted key regulatory and technical issues related to driverless...

More

Cybersecurity In Canada: What to Expect in 2018

Globally, 2017 saw a year-over-year increase from 2016 in the number cyberattacks and data breaches that were reported in the media and to various regulators. Canadian organizations (public and private) were no exception to this global trend. Interestingly, attackers did...

More

Imran Ahmad quoted in Canadian Press article on security of internet-connected home devices

Cape Breton Post, "Are you 'suitably paranoid' about your home devices' cybersecurity?"

Telecom providers may find themselves under increased pressure to show they’ve taken reasonable precautions, said Toronto-based lawyer Imran Ahmad, a partner with Miller Thomson who specializes in cybersecurity and privacy law. “There’s an expectation, quite frankly, from basic consumers that...

More

Cryptocurrency and cybersecurity: The implications

The Lawyer's Daily

This is part two of a two-part series. Similar to the way money is stored in a bank, cryptocurrency can be stored in forms of “cryptocurrency wallets” where sensitive information is encrypted and securely stored. If an owner of a...

More

Cryptocurrency and cybersecurity: A primer

The Lawyer's Daily

As the value of bitcoins continues to soar, there has been increased interest in whether cryptocurrencies may one day replace traditional currencies. However, regulators and the broader public remain skeptical and concerned about whether digital currencies are vulnerable to manipulations...

More

What’s Happening?

Nicole D’Aoust and Natasha Smith presented at the AFP Congress 2017 on the topic:  “You Can Donate That?! Non-traditional Gifts that can Make a Big Difference” in Toronto, ON on November 21, 2017. Kathryn Frelick and Karima Kanani presented a webcast...

More

Cybersecurity: Are Social Engineering Attacks Covered Under Insurance Policies?

Cybersecurity incidents are a popular topic of coverage in the press. These incidents range from hacking into organizations that hold a large quantity of data about clients, employees, vendors and other stakeholders to duping employees to transfer funds into fraudulent...

More

Privacy Commissioner Gearing Up for Tougher Enforcement

On September 21, 2017, in a press conference following the publication of his 2016-17 Annual Report to Parliament on the Personal Information Protection and Electronic Documents Act and the Privacy Act, the Privacy Commissioner (the “Commissioner”) announced his plans to...

More

The CSA Weighs in on Cryptocurrency Offerings

With the increasing popularity of blockchain-based digital currencies, many businesses see them as a unique way to raise funds, while investors consider them to be part of a diversified investment portfolio. Recognizing that securities law may, in some circumstances, apply...

More

Imran Ahmad quoted in Reuters article on Canada’s data breach notification rules

Reuters, "New Canadian rules on reporting data hacks 'long overdue,' critics say"

The Canadian government will require that companies operating in the country report all data breaches to their customers and a privacy watchdog as soon as possible after discovery, a rule that security experts said was long overdue.

More

What GDPR Means for Canadian Businesses

The European Union’s (“EU”) General Data Protection Regulation (the “GDPR”), which comes into force in May 2018, will impose significant new obligations on businesses that handle the personal data of EU residents.  What is unique is that the GDPR applies...

More

The Growing Importance of Privacy Compliance in Transactions

Increasingly, a key asset that organizations hold is the sensitive data they collect, use and retain about their customers, employees, and suppliers. It is therefore no surprise that data security and privacy compliance have become a top of mind consideration...

More

Prepare for an attack: lessons learned from Verizon-Yahoo ordeal

Plant Magazine

As hackers become more sophisticated, it’s not a matter of “if” but “when” companies will be targeted by cyber criminals.

More

Imran Ahmad quoted in Reuters article on hacktivist attacks in 2019 vote

Reuters, "Canada cyber-spy agency expects hacktivist attacks in 2019 vote"

Canada’s electronic spy agency said on Friday it was “very likely” that hackers will try to influence Canada’s 2019 elections and it planned to advise political parties next week on how to guard against cyber threats.

More

Imran Ahmad quoted in The Globe and Mail on WannaCry cyberattack

The Globe and Mail, "Canada spared worst of the cyberattack but full extent still unknown"

(subscription only)

More

Tips for Businesses Negotiating Cloud Agreements

IT in Canada Online

It seems like everyone is talking about the cloud as the new norm – if you’re not already in the cloud, odds are that you’re seriously considering it.

More

Overview of privacy laws in Canada: What you should know

Cyber Security Practitioner

Imran Ahmad evaluates how the privacy law landscape operates in Canada, how this relates to cyber security, and the new mandatory breach notification requirements being introduced by the Digital Privacy Act, which has significantly amended the Personal Information Protection and...

More

Companies need to plan for handling a cybersecurity breach

The Globe and Mail, Report on Business

Our shift to a digital society has seen the emergence of a new kind of crime: stealing data and attacking company networks, whether for financial gain, to send a political message, or sometimes simply to prove a point.

More

U.S. case spotlights cyber coverage

The Lawyers Weekly

This article originally appeared in the March 24, 2017 issue of The Lawyers Weekly. In 2016, “cyber” had increased prominence in the minds of organizations and with good reasons. “Hacking” not only made the headlines because of allegations that hackers were interfering with the U.S....

More

Cybersecurity Now Part of Due Diligence Process

More

Imran Ahmad discusses cybersecurity effect on class action litigation

Canadian Lawyer Magazine, " The era of no excuses"

General counsel are taking on a larger role in protecting corporate data. With class action lawsuits threatening valuations of entire industries, they have no choice. Just two days after Christmas this past December, an American company called E-Sports Entertainment Association went...

More

Imran Ahmad comments on cybersecurity regulations in Financial Post

Financial Post, "New York's new financial cyber security laws have Canadian experts taking note"

Last week, New York State’s new cyber security requirements for financial institutions came into full effect, including mandatory minimum standards for protecting customer data for firms that fall under the state financial watchdog’s purview.

More

Mandatory Data Breach Notification is Coming: Is your Organization Ready?

More

Cybersecurity in Canada: What to Expect in 2017

More

Imran Ahmad comments on new rules surrounding transparency in data breaches

CBC, "Here's why reports of data breaches will skyrocket this year"

Nobody likes to talk about getting hacked. For one, it’s embarrassing. And for companies, it’s a quick way to lose customers’ trust. It’s why you rarely hear about data breaches or cyberattacks on big businesses unless the companies are forced to admit something happened.

More

Imran Ahmad comments on upcoming data breach notification requirements

Canadian Underwriter, "Breach Notification"

Federal regulations requiring organizations to notify individuals of data breaches that could potentially expose them to harm will probably be in place this year and could cause an increase in class-action lawsuits, lawyers familiar with privacy laws suggest.

More

CSA Issues Cybersecurity Disclosure Expectations

More

Does your Insurance Cover Phishing Scam? It may not.

More

Privacy Commissioner Issues Report on Ashley Madison Cyber-Attack

This fall, the Office of the Privacy Commissioner of Canada (the “OPC”) and the Australian Privacy Commissioner released a joint report summarizing their findings following an investigation into the Ashley Madison cyber-attack. The report discusses the shortcomings of Ashley Madison’s...

More

Check under the hood: make it part of your due diligence process

Plant Magazine

You have acquired a competitor to help your business grow by accessing new customers and technology. However, you learn shortly afterwards the target company had a major data breach that it didn’t disclose to bidders.

More

Imran Ahmad quoted in article on data breaches and cybersecurity

IT World Canada, "Small, medium Canadian business still in denial on cyber security: Expert"

Small and medium sized businesses in Canada still have blinkers on when it comes to being fully prepared for cyber breaches, says security experts. That was the consensus from a number of speakers last week at a workshop in Toronto...

More

Cybersecurity: Steps to Manage Cyber Risks Effectively

In recent years, cyberattacks have been steadily increasing in sophistication, frequency and magnitude – with the media reporting, what appears to be, a major cyberattack on an almost weekly basis.  Hackers are targeting organizations from all industries, including not-for-profits and...

More

Imran Ahmad comments on unlawful CSIS data collection

IT World, "How court ruling on CSIS data collection impacts the enterprise"

The uproar earlier this month about Canada’s domestic intelligence agency unlawfully keeping telecom metadata raises the issue of privacy officers ensuring data retention policies are well documented, says a privacy lawyer.

More

Imran Ahmad discusses proposed Bill C-51 amendments on CBC

CBC Radio

Imran Ahmad was interviewed on CBC Radio discussing recent proposals in the federal government’s green paper on national security that would enhance the investigative capabilities of police to track suspected criminals in the digital age, and how the need for better law enforcement should be...

More

The Board’s Role in Cybersecurity

BOARDS: Official Publication of the Governance Centre of Excellence

(Co-authored with Poonam Puri, Osgoode Hall Law School) Increasingly, cybersecurity is at the top of the agenda for most hospital boards, audit/risk committees and senior management teams. Board directors are wondering whether they are asking the right questions and making the...

More

Imran Ahmad comments on DDoS attack

Insurance Business Canada, "DDoS attack disrupts Grade 10 literacy exams"

Ontario’s Education Quality and Accountability Office (EQAO) confirmed to Toronto police that it has sustained a cyber-attack that disrupted efforts to conduct the Grade 10 literacy exam for the entire province. Nearly 150,000 students across Ontario were affected by the...

More

Imran Ahmad interviewed on cybercrime at Fraud and Breach Prevention Summit

Fraud and Breach Prevention Summit

Imran Ahmad was part of a panel of cybercrime experts interviewed by Information Security Media Group at the recent Fraud and Breach Prevention Summit in Toronto. Listen to the audio: Helping Police Solve Cybercrimes

More

Cyber Insurance – What Do You Need to Know?

CVCA Deals & Updates

Earlier this summer, when the University of Calgary was the victim of a ransomware attack, it publicly said that the cyber insurance it had purchased proved invaluable in dealing with the fallout of the attack.

More

Imran Ahmad comments on government’s public consultation on cybersecurity strategy

IT World Canada, "Ottawa announces public consultation on cyber security strategy"

The federal government has started a three-month public consultation on updating its cyber security strategy, asking security pros and citizens for input on how it should not only strengthen the national IT systems and critical infrastructure in the private sector but...

More

Imran Ahmad quoted in article on access to employee personal information

IT World Canada, "Many federal managers had unneeded access to employees’ personal information: CBC"

As many as 70,000 managers had excess and unneeded access to the personal details of all 300,000 federal employees enrolled in the new and problem-filled Phoenix pay system, according to CBC News. Citing Public Services Canada documents released under the...

More

Imran Ahmad profiled in article on cybersecurity lawyers

Law Times, "Focus: Cybersecurity lawyers defend against attacks"

As Canadian businesses beef up their defences against cyberattack, some of the country’s biggest law firms are growing their own cybersecurity teams in an attempt to match client demand.

More