( Disponible en anglais seulement )
Canadian privacy law 2.0: Artificial intelligence (AI) and Bill C-11, the Consumer Privacy Protection Act
In a recent announcement, the Canadian federal Privacy Commissioner of Canada (“OPC”) released a report containing recommendations on how AI should be treated under Canadian privacy law, and what protections need to be in place to ensure AI applications reach […]
( Disponible en anglais seulement )
British Columbia Supreme Court emphasizes the importance of contextual assessment when assessing privacy risks associated with information access requests
Introduction In Airbnb Ireland UC v Vancouver (City), 2023 BCSC 1137, the British Columbia Supreme Court (the “Court”) highlighted the privacy implications for companies and other parties who provide information to public bodies. Airbnb Ireland UC (“Airbnb”) applied for judicial […]
( Disponible en anglais seulement )
Mobile apps: What businesses should know a year after the Tim Hortons data tracking scandal
Many businesses are tapping into the digital economy by creating mobile apps to enhance customer experience, build brand awareness, and boost marketing outcomes, which often includes collecting (sometimes very detailed) information from users. However, creating and deploying these apps comes […]
( Disponible en anglais seulement )
AI poses new threats to cybersecurity: How Canadian boards can navigate the evolving cyber risk landscape to stay ahead of the curve
The cybersecurity threat landscape is currently at a time when new threats are continuing to emerge, not the least of which are risks related to the use of artificial intelligence (AI), specifically generative AI. In response, there is increasing pressure […]
Consentement valable et protection des données des applications tierces : La Cour fédérale rejette la plainte du commissaire à la protection de la vie privée contre Facebook
Le 13 avril 2023, la Cour fédérale a rendu sa décision dans la poursuite intentée par le Commissariat à la protection de la vie privée du Canada (le « CPVP ») contre Facebook Inc. (« Facebook »)[1]. La cause porte sur les obligations de Facebook en […]
( Disponible en anglais seulement )
Failure to prevent a data breach not equal to invasion of privacy: Ontario Court of Appeal shuts the door on “intrusion upon seclusion” tort
The Ontario Court of Appeal has released a new trilogy of cases regarding the privacy tort “intrusion upon seclusion.” Specifically, whether the privacy tort is available as against commercial entities collecting and storing clients’ personal information, where there was a […]
( Disponible en anglais seulement )
Privacy Commissioners call on Health Industry to phase out use of traditional fax and unencrypted email in shift to digital healthcare
On September 21, 2022, the Office of the Privacy Commissioner of Canada released a Joint Resolution of the Federal, Provincial and Territorial Privacy Commissioners and Ombudspersons with Responsibility for Privacy Oversight entitled Securing Public Trust in Digital Healthcare (the “Joint […]
Liste de choses à faire lors d’une intervention en cas d’incident
Les incidents de cybersécurité et les violations de données surviennent sans crier gare. Peut-être que votre organisation a été victime d’une cyberattaque ou qu’un de vos fournisseurs vous a informé qu’il avait été la cible d’une attaque de ce genre. […]
Mesures tactiques et stratégiques pour bien se préparer aux cyberincidents
Pour donner le coup d’envoi du mois de la sensibilisation à la cybersécurité de cette année, nous avons décidé de publier un article portant sur des incidents survenus durant la dernière année et sur les conseils que nous avons fournis […]
La cybersécurité au sein des institutions financières au Canada
Dans son premier Regard annuel sur le risque pour l’exercice 2022-2023, le Bureau du surintendant des institutions financières (BSIF) a recensé les risques les plus importants auxquels sont confrontées les institutions financières à charte fédérale (IFF). Le BSIF relève que les […]
Gestion de la cybersécurité dans les transactions de fusion et d’acquisition : Comment réduire les risques grâce au processus de vérification diligente
Ces dernières années, les entreprises sont de plus en plus axées sur les technologies et la cybersécurité d’une entreprise ciblée est devenue un élément crucial dans le processus de vérification diligente. La pandémie de COVID-19 a exacerbé cette préoccupation : même […]
( Disponible en anglais seulement )
Takeaways on privacy breach risk assessment and data security programs: Alberta Privacy Commissioner issues breach report
On July 29, 2022 the Office of the Information and Privacy Commissioner of Alberta (the “OIPC”) issued its report on data breaches (PDF) (the “Report”). Alberta has been the leading Canadian jurisdiction with the most long-standing experience when it comes to reviewing, […]
( Disponible en anglais seulement )
Bill C-26: A strengthening of Canada’s cyber security through mandatory reporting of cyber incidents
With the continuing threats posed by cyber criminals, state sponsored attacks, and other cybersecurity issues, the Canadian government has taken steps in line with those recently taken by the US government in order to protect and maintain oversight over critical […]
( Disponible en anglais seulement )
A double-take on double-tracking: Takeaways from the privacy investigation into the Tim Hortons’ app
A recent investigation report into Tim Hortons, co-authored by the Office of the Privacy Commissioner of Canada (« OPC« ), Commission d’accès à l’information du Québec, Office of the Information and Privacy Commissioner of Alberta, and Office of the Information and Privacy […]
L’autorité française de protection des données impose une amende de 1,5 million d’euros à un fournisseur de logiciels de santé pour manquement à la protection des renseignements personnels
Les cyberattaques, la sécurité des données et les atteintes à la vie privée ne sont pas des sujets traités uniquement dans les discussions techniques et ésotériques des avocats, des spécialistes des TI et des communautés de la protection des renseignements […]
( Disponible en anglais seulement )
Federal Commissioner tables recommendations for privacy law reform
In the context of the Canadian Government’s plans to replace the current federal private sector privacy legislation in Canada – The Personal Information Protection and Electronic Documents Act (the « PIPEDA« ), the Office of the Privacy Commissioner of Canada (the « OPC« ) has […]
( Disponible en anglais seulement )
Privacy Commissioners take stance against collection of biometric data
The collection (and over collection) of personal information, cybersecurity incidents, and data breaches have never been more topical. Advancements in technology have led to greater global interaction and allowed for commercial efficiency in a time of limited connection. With advancements […]
La nouvelle loi québécoise sur la protection de la vie privée (projet de loi 64) est arrivée – Les entreprises canadiennes doivent en prendre note!
Alors que les tentatives du gouvernement fédéral de moderniser la loi canadienne, par le biais du projet de loi C-11, font du surplace dans le champ miné de la protection de la vie privée, le Québec a franchi la première […]
( Disponible en anglais seulement )
Privacy injunctions: the judicial response to cyber ransom demands
Ransom demands from cyber terrorists have become an epidemic for businesses in Canada. As we have reported in previous articles, both for-profit and not-for profit businesses have been impacted. Governments and charities have not been spared from the destruction and […]
( Disponible en anglais seulement )
OSFI updates cybersecurity breach notification requirements
The Office of the Superintendent of Financial Institutions (“OSFI”) released a new Advisory on Technology and Cyber Security Incident Reporting, effective August 13, 2021 (the “Advisory”) which seeks to govern how federally-regulated financial institutions (“FRFIs”) should disclose and report technology […]
Maisons en vente à la chaîne (de blocs)
Introduction Échangeriez-vous votre maison contre une œuvre d’art? Un critique d’art pourrait envisager cette possibilité. Mais quelle serait votre réaction si votre maison n’était pas échangée contre de l’art, mais contre des bitcoins? Comme une œuvre d’art, la valeur du […]
( Disponible en anglais seulement )
Ransomware trickles down into your supply chain – Kaseya cyberattack highlights cybersecurity risks and business impact
Over the July long weekend, Canadian, American, and other international businesses were victims of a far-reaching ransomware attack. The REvil group, a ransomware syndicate also known as Sodin or Sodinokibi, are believed to be behind the attack. This gang’s most prominent […]
( Disponible en anglais seulement )
Cyberattacks in your supply chain – Canada Post data breach highlights risks
Over the past twelve months, we have seen more and more clients experiencing a variety of cybersecurity incidents. Most prominently, these have been “business email compromise” incidents as well as malware deployments, such as ransomware attacks. The latter have received […]
( Disponible en anglais seulement )
Canadian organizations take note – Data Protection Authority fines foreign-based business under GDPR for not having “Article 27” representative
As we have discussed in several previous articles, Canadian businesses and other organizations can be subject to the European General Data Protection Regulation (“GDPR”) for a number of reasons and in a number of different contexts, be it as a […]
( Disponible en anglais seulement )
Ransomware – Privacy law, sanctions, and the pandemic
It is trite to say that no matter the sector, size, or location of an organization, cyberattacks can be devastating. As we have seen throughout 2020 and this year in Canada and elsewhere, data breaches and operational interruptions caused by […]
( Disponible en anglais seulement )
The Consumer Privacy Protection Act (CPPA): Increasing accountability and transparency
In a recent MT Cybersecurity Blog, we discussed Bill C-11, the Consumer Privacy Protection Act (the “CPPA”), which was introduced on November 17, 2020, by the Minister of Innovation, Science and Industry with the aim of modernizing federal privacy law […]
( Disponible en anglais seulement )
“Made in Canada” – What is happening to Privacy by Design under the CPPA?
“Privacy by Design” has long been understood as the “gold standard” of data protection and at the core of how to sustain privacy rights in the digital age. It is a concept that can be said to have been “made […]
( Disponible en anglais seulement )
Consent and the business activities exemption: A dive into the Consumer Privacy Protection Act (CPPA)
Now in its Second Reading, Bill C-11, the Consumer Privacy Protection Act (“CPPA”), is moving ever closer to adoption. The opening remarks by the Bill’s sponsor, MP Navdeep Bains, emphasized the law’s focus on control and consent with the aim […]
( Disponible en anglais seulement )
Transport Canada’s Vehicle Cyber Security Strategy
Transport Canada (“TC”) has partnered with the U.S. Department of Transportation’s Volpe Center to develop TC’s Vehicle Cyber Security Strategy (“Vehicle Cyber Strategy”). The Vehicle Cyber Strategy is intended to set out forward-looking cyber security priorities for TC over the […]
( Disponible en anglais seulement )
The dawn of Canadian Privacy Law 2.0: The Consumer Privacy Protection Act introduced
The long-awaited overhaul of federal private sector privacy law, as outlined in our previous blog post, is finally here. The Digital Charter Implementation Act was introduced for First Reading on November 17, 2020, as Bill C-11. If enacted, the new […]
( Disponible en anglais seulement )
M&A and cybersecurity – top nine ways to mitigate risk through due diligence
The authors would like to acknowledge the contribution of Iain Paterson, Chief Executive Officer at Cycura, a global team of leading cybersecurity experts headquartered in Toronto, Ontario. While the COVID-19 pandemic[1] is by no means over, increasing M&A activity and […]
( Disponible en anglais seulement )
40% of data breach records insufficient – Canadian Privacy Commissioner releases findings on data breach register inspections
As the Canadian Office of the Privacy Commissioner (“OPC ») signaled it would do at the end of 2019, it completed a targeted investigation of data breach registers at a select number of organizations. The OPC released has now released a […]
( Disponible en anglais seulement )
British Columbia Court of Appeal upholds certification of data breach class action
Following in the footsteps of Jones v. Tsige from the Court of Appeal for Ontario in 2012, the recent British Columbia Court of Appeal decision in Tucci v. Peoples Trust Co. (2020 BCCA 246) appears to be solidifying the future […]
( Disponible en anglais seulement )
Ontario government launches consultations on establishing provincial privacy regime for private sector
On August 13, 2020, the Ontario Government (the “Government”) launched consultations on establishing provincial privacy legislation for the private sector, likely including not-for-profits and charities. The collection, use, and disclosure of personal information is currently governed by federal legislation, the […]
( Disponible en anglais seulement )
Responding to cyber-attacks – lessons for Saskatchewan municipalities from recent data breaches
Privacy concerns are at the forefront of our increasingly digital world, with cybercrime such as ransomware, business email compromise and phishing attacks becoming a noticeable risk for organizations. It is essential for municipalities to understand their minimum responsibilities under Saskatchewan […]
( Disponible en anglais seulement )
European Data Protection Board (EDPB) releases FAQ on “Schrems II”: A primer for Canadian organizations
As we have reported previously, on July 16, 2020, the Court of Justice of the European Union (“CJEU”) released its decision in the case of Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems (“Schrems II”), which ruled that […]
( Disponible en anglais seulement )
“Schrems II” decides validity of personal data transfer mechanisms – impact on Canadian organizations
On July 16, 2020, the Court of Justice of the European Union (“CJEU”) released its long-awaited decision regarding the validity of existing personal data transfer mechanisms outside the EU under the General Data Protection Regulation (“GDPR”), the so-called “Schrems II” […]
( Disponible en anglais seulement )
Ransomware attack on cloud-services provider affects charities and not-for-profits
A company that supplies cloud fundraising and accounting software to the charity and not-for-profit sector announced yesterday that it experienced a ransomware attack in May 2020. Blackbaud is the company behind such programs as Raiser’s Edge NXT, eTapestry, and The […]
( Disponible en anglais seulement )
COVID-19 contact tracing debate highlights need for privacy law reform: Lessons for developers and users
We have been following the COVID-19 crisis and its impact on privacy law over the course of the past few months. It has become apparent during that time that the requirements of the pandemic and the contact tracing debate highlight […]
( Disponible en anglais seulement )
IIROC issues Notice regarding cybersecurity in cloud services and application programming interfaces
On June 24, 2020, the Investment Industry Regulatory Organization of Canada (“IIROC”) released an Education Notice to members (“Cybersecurity – Cloud Services and Application Programming Interfaces”) outlining key elements of cybersecurity strategies pertaining to adoption and implementation of cloud services […]
( Disponible en anglais seulement )
British Columbia Information and Privacy Commissioner calls for changes to Personal Information Protection Act
As we’ve reported in past blog posts, Canada’s privacy regulators have been vocal about the need for change to the privacy and data protection laws that apply to the private, public and health sectors in Canada. Most recently, the British […]
( Disponible en anglais seulement )
Privacy Commissioner consultation on AI
Continuing to highlight the need for reform, the Office of the Privacy Commissioner of Canada (“OPC”) has initiated a consultation on recommendations they have presented to adapt the private sector privacy statute Personal Information Protection and Electronic Documents Act (“PIPEDA”) to address […]
( Disponible en anglais seulement )
Canadian Privacy Commissioner Tables Annual Report, Calling for Human Rights-Based Overhaul of Privacy Laws
On December 10, 2019, Commissioner Therrien presented his office’s 2019 annual report to Parliament, which was later followed by a press release highlighting key aspects of and views expressed in this latest report. Unsurprisingly, the need for privacy law reform […]
( Disponible en anglais seulement )
Implicit Waiver of Privilege
Overview Solicitor-client privilege and litigation privilege are a fundamental component of our justice system. Solicitor-client privilege is intended to provide “full, free and frank communication between those who need legal advice and those who are best able to provide it,” […]
( Disponible en anglais seulement )
Enforceability of e-signatures during COVID-19 pandemic
While the COVID-19 pandemic is having an enormous impact on Canadian organizations, including those within the charitable and non-profit sector, they must continue to operate despite the “physical distancing” measures imposed by the government. This is especially true given that […]
( Disponible en anglais seulement )
Privacy Commissioners: Privacy laws not a barrier to effective COVID-19 response, emphasize compliance when using contact tracing apps
The COVID-19 pandemic has created an unprecedented challenge for federal and provincial governments and other public health organizations in Canada. To respond in a timely and effective manner, government organizations require greater access to, and an enhanced ability to use, […]
( Disponible en anglais seulement )
Privacy and cybersecurity during COVID-19 – Tips for Canadian organizations
With the emergence of COVID-19 in Canada, organizations are faced with many additional concerns and considerations in their daily operations and strategic planning. Remote work has become the norm, and the health of employees, customers and suppliers is a key […]
Cybersécurité : Mesures à prendre pour se protéger contre les risques cybernétiques
Au cours des dernières années, la complexité, la fréquence et l’ampleur des cyberattaques n’ont cessé d’augmenter. Les médias rapportent ce qui semble être une cyberattaque majeure presque chaque semaine. Les pirates informatiques visent des entreprises de tous les secteurs, y […]
