Le 26 mars 2025, le Commissariat à la protection de la vie privée du Canada (le « CPVP ») a déployé, à l’intention des organisations, un outil d’autoévaluation du risque réel de préjudice grave à la vie privée (l’« outil »)....more
On March 26, 2025, the Office of the Privacy Commissioner of Canada (OPC) released a privacy breach real risk of significant harm assessment tool (Tool) for organizations....more
Responsible organizations understand that privacy governance is essential for the systematic and compliant management of personal data and for maintaining customer and stakeholder trust. In a world where people increasingly...more
The tightening of privacy and data protection compliance obligations in Canada and the United States, has led to increasingly comprehensive “data security and privacy” representations and warranties in purchase agreements, as...more
As of September 22, 2024, the final provision of Law 25, An Act to modernize legislative provisions as regards the protection of personal information, will take effect, establishing a new right to data portability for...more
The ongoing debate surrounding the use of facial recognition technology by law enforcement has sparked concern among legal and AI experts. Several law enforcement agencies in Canada have already adopted the technology, while...more
In late 2021, the Quebec legislature passed “The Privacy Legislation Modernization Act” or Law No. 25 (“Law 25”), which was designed to modernize and make significant changes to Quebec’s existing privacy framework....more
California Privacy Protection Agency Releases Revised Regulations - With the effective date less than three months away, and ahead of a Board Meeting on October 28 and 29, the California Privacy Protection Agency released...more
As states have continued to debate and pass new comprehensive privacy statutes – such as those in Virginia and Colorado – a common refrain from business leaders is the need for a comprehensive federal privacy statute that...more
On June 16, 2022, the government of Canada tabled a bill that would make significant changes to privacy laws impacting employers in the federal jurisdiction. The new legislation, the Digital Charter Implementation Act (Bill...more
Bill 64 largely tracks with already existing privacy regulations in other jurisdictions and will take effect over the course of the next three years, with some provisions taking effect in September 2022. On September 21...more
2021 promises to be an exciting year in the data and privacy space. With the adoption of technologies that collect, analyze, aggregate, distribute and share data, and the implementation of new laws and regulations in...more
On November 17, 2020, the Canadian Minister of Innovation, Science and Industry introduced Bill C-11, the Digital Charter Implementation Act, which proposes a new privacy law called the Consumer Privacy Protection Act (CPPA)....more
The DCIA was introduced on November 17, 2020, to replace Canada’s current national privacy law for the private sector, the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA came into force in...more
At the beginning of 2020, a Federal privacy law, similar to that of GDPR or PIPEDA, was a faint and distant reality. However, in light of some mobile device and other monitoring being considered because of the COVID-19...more
As the digital landscape evolves, and the commoditization of personal information increases, expectations as to what constitutes appropriate consent for the collection, use and disclosure of personal information in Canada are...more
The Internet Society’s Online Trust Alliance (OTA) released a report this week that measured 1200 U.S.-based organizations’ readiness for three major global privacy regulations: the General Data Protection Regulation (GDPR)...more
In this month's Privacy & Cybersecurity Update, we examine several recent U.K.-related cybersecurity developments and the SEC's risk alert reminding investment advisers and broker-dealers to follow through on implementing...more
Recently, the Office of the Privacy Commissioner of Canada (OPC) released an important draft Position on Online Reputation (paper). The paper takes the position that current federal privacy legislation, the Personal...more
As multinational employers are aware, data privacy laws can vary greatly from jurisdiction to jurisdiction. Ensuring compliance with the different requirements can be challenging, and the penalties for noncompliance can be...more
Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) has been amended by The Digital Privacy Act (the “DPA”). DPA updates PIPEDA and modernizes Canadian data privacy and security law. DPA is now...more
On June 18, 2015, significant portions of the Digital Privacy Act received Royal Assent. This Act, amends the Personal Information Protection and Electronic Documents Act (PIPEDA), and brings important certainty to how...more
Franchisors are facing a precarious three-way intersection of increased accountability and regulation over consumer privacy, the growing volume and sophistication of cyber-attacks on consumer data, and the expanding...more
Data security breaches marred the 2013 holiday season for many consumers and retailers. The most famous security breach, at Target Corporation (Target), involved the loss of information on 40 million payment cards and...more