Mobile apps: What businesses should know a year after the Tim Hortons data tracking scandal
Many businesses are tapping into the digital economy by creating mobile apps to enhance customer experience, build brand awareness, and boost marketing outcomes, which often includes collecting (sometimes very detailed) information from users. However, creating and deploying these apps comes...
AI poses new threats to cybersecurity: How Canadian boards can navigate the evolving cyber risk landscape to stay ahead of the curve
The cybersecurity threat landscape is currently at a time when new threats are continuing to emerge, not the least of which are risks related to the use of artificial intelligence (AI), specifically generative AI. In response, there is increasing pressure...
Meaningful consent and data protection of third-party apps: Federal Court dismisses Privacy Commissioner’s complaint against Facebook
On April 13, 2023, the Federal Court handed down its decision in a case brought by the Office of the Privacy Commissioner of Canada (the “OPC”) against Facebook Inc. (“Facebook”).[1] The case centers around Facebook’s obligations with respect to third-party...
Privacy by Design and its current role in promoting trust in technology
OneTrust DataGuidance
David Krebs and Amanda Cutinha author an article for DataGuidance on Privacy by Design: Digital technology has and is continuing to transform the ways in which we interact with ourselves, each other, and the world at large. However, the benefits...
Failure to prevent a data breach not equal to invasion of privacy: Ontario Court of Appeal shuts the door on “intrusion upon seclusion” tort
The Ontario Court of Appeal has released a new trilogy of cases regarding the privacy tort “intrusion upon seclusion.” Specifically, whether the privacy tort is available as against commercial entities collecting and storing clients’ personal information, where there was a...
Privacy Commissioners call on Health Industry to phase out use of traditional fax and unencrypted email in shift to digital healthcare
On September 21, 2022, the Office of the Privacy Commissioner of Canada released a Joint Resolution of the Federal, Provincial and Territorial Privacy Commissioners and Ombudspersons with Responsibility for Privacy Oversight entitled Securing Public Trust in Digital Healthcare (the “Joint...
A to-do list for incident response
Cybersecurity incidents and data breaches arise without notice. Your organization may have fallen victim to a cyberattack or you may have received notice from a supplier that they have been attacked. Or perhaps a key employee has lost an unencrypted...
Tactical and strategic steps for successful cyber incident preparedness
To kick-off this year’s cyber awareness month, we wanted to present an article that would look back on the past year along with our experience counseling organizations, large and small across all sectors, through the ordeal of cyberattacks, data extortion...
Cybersecurity for Canada’s financial institutions
In the Office of the Superintendent of Financial Institution’s (OSFI) first Annual Risk outlook for Fiscal Year 2022-2023, the OSFI identifies the most material risks which face federally regulated financial institutions (FRFIs). Among the financial risks that the OSFI identifies...
Managing cybersecurity in M&A transactions: How to mitigate risk through due diligence
As companies have become increasingly technology-driven in recent years, a target’s cybersecurity posture has become a key focal point in the diligence process. The COVID-19 pandemic has made this concern particularly acute: notwithstanding that an increasingly large number of people...
