Seeking input from interested third parties, the Office of the Privacy Commissioner of Canada (OPC) announced a revision to its policy position on transborder data flow under the federal Personal Information Protection and...more
The Office of the Superintendent of Financial Institutions (OSFI) just published an advisory letter for federally regulated financial institutions (FRFI). The advisory sets out OSFI's expectations for FRFI cybersecurity...more
The Toronto Sun reported this morning that the privacy of 4,500 consumers of recreational cannabis in Ontario has been compromised. The names and addresses of individuals purchasing cannabis through the Ontario Cannabis Store...more
This 10-step guide will walk you through the upcoming changes to the Personal Information Protection and Electronic Documents Act (PIPEDA), the factors to consider in being prepared under PIPEDA and other related...more
What are the emerging patterns and risks for cybersecurity in Canada, the United States, European Union and Australia? A global panel shared their views and predictions at last week’s 64th Pacific Rim Advisory Council (PRAC)...more
Almost three years after the Digital Privacy Act was passed, the federal government has finalized regulations on mandatory breach notification, reporting, and recordkeeping for the private sector in Canada. The regulations...more
The U.S. Securities and Exchange Commission (SEC) published updated guidance on February 21, 2018, for how and when public companies should disclose cybersecurity risks and breaches. The SEC explains that the additional...more
It's not the kind of news a retail giant wants to make. In May 2017, Target agreed to a $18.5-million settlement to resolve a 47-state investigation into a massive 2013 hack. This settlement put Target's total cost of the...more
There is a lot of money—both fiat and virtual—in cryptocurrencies.
The growth of these blockchain-based online assets made headlines throughout 2017. The price of Bitcoin, likely the best-known cryptocurrency, rose from...more
Forget you ever read this -
The Office of the Privacy Commissioner of Canada (OPC) declared last Friday that existing privacy laws allow consumers to ask search engines to remove inaccurate search results and to request...more
Law firms are being vigorously attacked by hackers. This is unsurprising given that law firms are repositories of incredibly valuable and commercially sensitive information about their clients and maintain large sums of money...more
No organization is immune from cyberattacks. They have become an inevitable business risk for companies large and small. In today’s Globe and Mail, the Canada Research Chair in Cybersecurity, Benoît Dupont, says that “even...more
The CEO of the popular ride-sharing app, Uber, published a bombshell letter to the public yesterday, stating that two hackers had stolen information from almost 60 million driver and rider accounts in October 2016....more
Any system is only as strong as its weakest link. If your employees aren’t up to date on their cybersecurity hygiene, then it doesn’t matter how much money you spend on technological defences—there’s a gap in your protection....more
11/3/2017
/ Authentication ,
Best Management Practices ,
Canada ,
Cybersecurity ,
Data Protection ,
Email ,
Employee Training ,
Mobile Devices ,
Passwords ,
Social Engineering ,
Wifi
Cybersecurity threats to registered firms continue to rise but efforts to protect against those threats and to plan for the inevitable attack are not keeping up....more
The Importance of Detection Once the Enemy Is Past the Gates -
The recently announced data breaches involving Equifax, Deloitte and the U.S. Securities and Exchange Commission underscore that data breaches are a way of...more
If you are a healthcare data custodian that is subject to a ransomware attack, you may be required to report the incident to regulators and to those individuals whose information was subject to the attack....more
The European Union’s General Data Protection Regulation (GDPR) will come into force on May 25, 2018. This new regulation replaces the current data protection law (Directive 95/46/EC) substantially and will bring important...more
The recent global ransomware attack (WannaCry) was yet another reminder of the increased threat posed by cyber breaches. While cybersecurity attacks are inevitable, organizations (and their directors and officers) may still...more
The serious WannaCrypt ransomware worm which ran roughshod over internet connected computers worldwide on Friday and Saturday appears to have been stymied, at least temporarily, by security researchers. In the meantime,...more
Given the increasing threat of cyberattacks and the corresponding costs, businesses are increasingly considering cybersecurity insurance. But insurance is only as effective as the scope of the coverage. Though Canadian...more
Cybersecurity is a significant business risk for any organization that collects personal data. The greater the amount of personal data collected by an organization, the greater the risk that it will be targeted by...more
The most recent information from CSA on cybersecurity is set out in the summary of its roundtable discussion (released April 7, 2017) to explore response to cybersecurity incidents....more
While corporate executives are increasingly becoming aware of their obligation to be informed of cybersecurity threats and the steps being taken by their company to prevent data breaches, it is equally important for...more
Names, emails, credit card numbers, and home addresses: chances are good that your business collects client data with information that is valuable to hackers on the black market. A hacker will at some point try to access...more