Seeking input from interested third parties, the Office of the Privacy Commissioner of Canada (OPC) announced a revision to its policy position on transborder data flow under the federal Personal Information Protection and...more
The European Union’s General Data Protection Regulation (GDPR) came into force on May 25, 2018. To assist Canadian organizations with their potential compliance efforts with respect to this legislation, the following is...more
As of August 31, 2018, custodians and their affiliates will have obligations to provide breach notifications under Alberta’s Health Information Act....more
The European Union’s General Data Protection Regulation (GDPR) will come into force on May 25, 2018. To assist Canadian organizations with their potential compliance efforts with respect to same, the following is intended to...more
The Canadian federal government released the proposed Breach of Security Safeguards Regulations under Personal Information Protection and Electronic Documents Act (PIPEDA) on September 2, 2017....more
Facebook, Inc. (Facebook) recently lost a decision before the Supreme Court of Canada regarding the enforceability of the forum selection clause in its standard terms of use. Accordingly, organizations should carefully review...more
By way of an Order in Council dated June 2, 2017, the government of Canada has indefinitely delayed the coming into force of the private right of action under Canada's Anti-Spam Law (CASL)....more
In 2016, cybersecurity continued to grow as a primary business risk for companies worldwide. Data breaches continued to escalate both in number and magnitude and the landscape of legal and regulatory liability evolved and...more
2/10/2017
/ Ashley Madison ,
Bitcoin ,
Breach Notification Rule ,
Canada ,
Class Action ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Popular ,
Ransomware ,
Risk Assessment ,
Risk Management ,
Yahoo!
On July 1st, 2017, organizations communicating electronically under Canada's Anti-Spam Law ("CASL" or the "Act") will lose the benefit of the transitional provisions, and will become subject to the coming into force of a...more
Despite being in force for over two years, many of the key provisions of Canada's Anti-Spam Legislation (“CASL” or the “Act”) remain shrouded in uncertainty. One such provision, for example, is the Act’s due diligence...more
In its first public report of 2016, the Office of the Auditor General of Alberta reviewed, among other things, IT security for industrial control systems used in Alberta’s oil and gas industries (Report of the Auditor General...more
Over the last year, the Canadian Radio-television and Telecommunications Commission (CRTC) has been active in its enforcement actions under Canada’s Anti-Spam Legislation (CASL). As shown by the following summary of...more
On July 27, 2015, the Federal Court conditionally certified a class action with respect to an alleged privacy breach arising from the federal government’s administration of the Marihuana Medical Access Program (the Program)....more
An organization’s information can be put at risk when staff begin to bring their own devices and use them in the workplace. As a result, in such cases, an organization should consider adopting an appropriate “bring your own...more
8/19/2015
/ Best Practices ,
Bring Your Own Device (BYOD) ,
Canada ,
Confidential Information ,
Employer Liability Issues ,
Employment Policies ,
Mobile Devices ,
New Guidance ,
Popular ,
Risk Assessment ,
Risk Mitigation ,
Security and Privacy Controls
On June 18, 2015, significant portions of the Digital Privacy Act received Royal Assent. This Act, amends the Personal Information Protection and Electronic Documents Act (PIPEDA), and brings important certainty to how...more
Following up on its recent $1.1MM CASL enforcement action against Quebec executive training firm Compu-Finder, the CRTC announced today that it has entered into an undertaking with online dating service operator Plenty of...more
On March 5, 2015, the Canadian Radio-television and Telecommunications Commission (CRTC) announced that it had issued a penalty of $1.1 million to Compu-Finder under Canada’s Anti-Spam Legislation (CASL)....more
In 2014, the anti-spam provisions of Canada’s Anti-Spam Legislation (CASL) came into force, creating a wide array of compliance requirements for businesses. CASL prohibits a person from sending or causing or permitting to be...more
There have been a disappointing lack of publicly-reported enforcement actions under Canada’s Anti-Spam Legislation (CASL) since it came into force in July 2014 – in fact, to date there has only been one. Given the ambiguity...more
The provisions of Canada’s Anti-Spam Law (CASL) that regulate the installation of software came into force today, January 15, 2015. These provisions create new compliance burdens for businesses that create, distribute or use...more
From November 10 to 12, 2014, the CRTC provided its interpretation of the software provisions in Canada’s anti-spam law (CASL) in several presentations to industry. The CRTC also posted a specific FAQ about their...more
Canada’s anti-spam law (CASL) is complex and ambiguous, and can result in substantial liability (e.g., a maximum $1,000,000 fine for individuals and $10,000,000 for organizations). Accordingly, many organizations have...more
Canadian registered charities seeking to comply with Canada’s new anti-spam law (CASL) recently received some disappointing news. CASL is a very complex law and many important issues remain ambiguous and uncertain. Several...more
On March 20, 2014, the Ontario Securities Commission (OSC) published for public comment four new prospectus exemptions intended to facilitate capital raising while maintaining investor protection. The proposed exemptions...more
On December 4, 2013, the Honourable James Moore, Minister of Industry announced that Canada’s new anti-spam law (CASL) will come into force on July 1, 2014....more