Summer 2019 saw a flurry of major fines levied against large corporations for data breaches and other privacy violations. Ranging from a €460,000 fine under the European General Data Protection Regulation (GDPR) for a Dutch...more
The recently announced federal government cybersecurity certification program is targeted at small- and medium-sized enterprises (SMEs), but larger organizations should also take note....more
The Office of the Information and Privacy Commissioner of Ontario (OIPC) released its 2018 Annual Report: Privacy and Accountability for a Digital Ontario on Wednesday, July 10, 2019. This report signals a move toward...more
7/16/2019
/ Artificial Intelligence ,
Canada ,
Cyber Attacks ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Faxes ,
Personally Identifiable Information ,
Popular ,
Privacy Concerns ,
Regulatory Oversight
Violations of privacy–already regulated by the Office of the Privacy Commissioner of Canada (as well as provincial privacy regulators)–may also soon be regulated by Canada’s Competition Bureau. In a statement yesterday at the...more
The federal government has launched Canada’s new Digital Charter that comprises 10 broad principles to govern the use of data in the digital world. The stated purpose of the Digital Charter is to guide dialogue around changes...more
We had a packed house for our Cyber Time: Crash Course for Directors and Officers event this week at the Bennett Jones Calgary office. The half-day session covered current cyber threats facing businesses today, litigation...more
Seeking input from interested third parties, the Office of the Privacy Commissioner of Canada (OPC) announced a revision to its policy position on transborder data flow under the federal Personal Information Protection and...more
The Office of the Superintendent of Financial Institutions (OSFI) just published an advisory letter for federally regulated financial institutions (FRFI). The advisory sets out OSFI's expectations for FRFI cybersecurity...more
The Toronto Sun reported this morning that the privacy of 4,500 consumers of recreational cannabis in Ontario has been compromised. The names and addresses of individuals purchasing cannabis through the Ontario Cannabis Store...more
This 10-step guide will walk you through the upcoming changes to the Personal Information Protection and Electronic Documents Act (PIPEDA), the factors to consider in being prepared under PIPEDA and other related...more
What are the emerging patterns and risks for cybersecurity in Canada, the United States, European Union and Australia? A global panel shared their views and predictions at last week’s 64th Pacific Rim Advisory Council (PRAC)...more
The U.S. Securities and Exchange Commission (SEC) published updated guidance on February 21, 2018, for how and when public companies should disclose cybersecurity risks and breaches. The SEC explains that the additional...more
It's not the kind of news a retail giant wants to make. In May 2017, Target agreed to a $18.5-million settlement to resolve a 47-state investigation into a massive 2013 hack. This settlement put Target's total cost of the...more
Law firms are being vigorously attacked by hackers. This is unsurprising given that law firms are repositories of incredibly valuable and commercially sensitive information about their clients and maintain large sums of money...more
No organization is immune from cyberattacks. They have become an inevitable business risk for companies large and small. In today’s Globe and Mail, the Canada Research Chair in Cybersecurity, Benoît Dupont, says that “even...more
Any system is only as strong as its weakest link. If your employees aren’t up to date on their cybersecurity hygiene, then it doesn’t matter how much money you spend on technological defences—there’s a gap in your protection....more
11/3/2017
/ Authentication ,
Best Management Practices ,
Canada ,
Cybersecurity ,
Data Protection ,
Email ,
Employee Training ,
Mobile Devices ,
Passwords ,
Social Engineering ,
Wifi
Cybersecurity threats to registered firms continue to rise but efforts to protect against those threats and to plan for the inevitable attack are not keeping up....more
The Importance of Detection Once the Enemy Is Past the Gates -
The recently announced data breaches involving Equifax, Deloitte and the U.S. Securities and Exchange Commission underscore that data breaches are a way of...more
The European Union’s General Data Protection Regulation (GDPR) will come into force on May 25, 2018. This new regulation replaces the current data protection law (Directive 95/46/EC) substantially and will bring important...more
The recent global ransomware attack (WannaCry) was yet another reminder of the increased threat posed by cyber breaches. While cybersecurity attacks are inevitable, organizations (and their directors and officers) may still...more
The serious WannaCrypt ransomware worm which ran roughshod over internet connected computers worldwide on Friday and Saturday appears to have been stymied, at least temporarily, by security researchers. In the meantime,...more
Given the increasing threat of cyberattacks and the corresponding costs, businesses are increasingly considering cybersecurity insurance. But insurance is only as effective as the scope of the coverage. Though Canadian...more
Cybersecurity is a significant business risk for any organization that collects personal data. The greater the amount of personal data collected by an organization, the greater the risk that it will be targeted by...more
The most recent information from CSA on cybersecurity is set out in the summary of its roundtable discussion (released April 7, 2017) to explore response to cybersecurity incidents....more
While corporate executives are increasingly becoming aware of their obligation to be informed of cybersecurity threats and the steps being taken by their company to prevent data breaches, it is equally important for...more