No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
The recent decision by the Commission d’accès à l’information du Québec (CAI) regarding a popular grocer’s biometric data project in Quebec has far-reaching implications for other businesses considering or currently using...more
Introduction - As a federal state with law-making powers shared between federal and provincial/territorial governments, Canada has both federal and provincial/territorial privacy laws that govern the private and public...more
ChatGPT—the artificial intelligence-powered chatbot—has been making headlines since its initial release date on November 30, 2022. Most recently, ChatGPT has been the subject of attention in connection with privacy...more
The Ontario Court of Appeal recently released a trilogy of decisions (Winder v. Marriott International, Inc., 2022 ONCA 815; Obodo v. Trans Union of Canada, Inc., 2022 ONCA 814; Owsianik v. Equifax Canada Co., 2022 ONCA 813)...more
A little over nine months after it passed An Act to modernize legislative provisions as regards the protection of personal information (“Bill 64”) overhauling, among other legislation, the province’s public and private sector...more
OSFI, the Canadian Federal Office of the Superintendent of Financial Institutions, on August 13, 2021, issued new guidance on Technology and Cyber Security Incident Reporting, replacing prior guidance of March 2019....more
The Ministry of Service Alberta is seeking public input on the province's statutory privacy protections. This follows Ontario's recent gesture to modernize its privacy framework and request feedback, which we discussed in...more
Federal Privacy Commissioner Calls for Stronger Privacy Protections in Bill C-11 - In November 2020, the federal government tabled Bill C-11, the proposed new private-sector privacy law that would replace the current...more
On April 30, 2021, the Government of Ontario introduced Building a Digital Ontario, the province's new digital and data strategy, which lays the foundation for Ontario to become "the world's leading digital jurisdiction."...more
The Court of Queen's Bench of Alberta, in Setoguchi v Uber B.V., 2021 ABQB 18, recently dismissed an application for certification of a proposed class action resulting from a data breach because there was no evidence of harm...more
Ontario's Ministry of Government and Consumer Services recently announced that it is contemplating new private sector privacy legislation (PSPL) to govern how businesses collect, use and disclose customers' data. The Ministry...more
To mark the one-year anniversary of mandatory breach reporting under the Personal Information Protection and Electronic Documents Act (PIPEDA), the Office of the Privacy Commissioner of Canada (OPC) published a blog post...more
On November 1st of last year, businesses became subject to new mandatory breach reporting regulations under Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act...more
Artificial intelligence (AI) presents numerous opportunities to benefit society; however, the Office of the Privacy Commissioner of Canada (OIPC), together with numerous international counterparts, have been urging the...more
As the digital landscape evolves, and the commoditization of personal information increases, expectations as to what constitutes appropriate consent for the collection, use and disclosure of personal information in Canada are...more
The Office of the Information and Privacy Commissioner of Ontario (OIPC) released its 2018 Annual Report: Privacy and Accountability for a Digital Ontario on Wednesday, July 10, 2019. This report signals a move toward...more
Following the recent legalization of cannabis, private retailers are open for business from coast to coast. While cannabis remains illegal in other jurisdictions, cannabis users' personal information is highly sensitive. In...more
Mandatory privacy breach notification, reporting and record-keeping obligations under Canada’s federal data protection law called the Personal Information Protection and Electronic Documents Act (PIPEDA) will come into force...more
On October 29, 2018, the Office of the Privacy Commissioner of Canada (OPC) published the final guidance intended to assist organizations in complying with the mandatory breach reporting and record-keeping requirements under...more
On the heels of the European Union's General Data Protection law, which went into effect in May 2018, California has enacted the California Consumer Privacy Act ("CCPA")—the result of an 11th-hour compromise between...more
With South Dakota and Alabama’s new statutes, all 50 states and the District of Columbia have now enacted data breach notification laws. The Oregon and Delaware amended statutes will enhance requirements, and Canada’s new law...more
The final Breach of Security Safeguards Regulations (Regulations) under the federal Personal Information Protection and Electronic Documents Act (PIPEDA) were made on March 26, 2018, and published on April 18, 2018. The...more
The Government of Canada has announced that its proposed data breach notification requirements pursuant to the Digital Privacy Act (the “Act”) will take effect on November 1, 2018. The Act amends Canada’s Personal...more
Recently, the Office of the Privacy Commissioner of Canada (OPC) released an important draft Position on Online Reputation (paper). The paper takes the position that current federal privacy legislation, the Personal...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - United States and China Renew Promise Not to Hack - On October 4, U.S. and Chinese officials agreed to not engage in targeted hacking. Per a...more