Moving the Goalposts for Canadian Data: Federal Privacy Commissioner Changes Position on Cross-Border Transfers
A high profile data breach involving a US company, Equifax Inc.[i], and its Canadian subsidiary, Equifax Canada Co., along with the coming into force of the European Data Protection Regulation (“GDPR”), appear to be the driving forces behind the Office...
What Exemption? – Pitfalls and Stumbling Blocks in CASL and Privacy Compliance
The Canadian Anti-Spam Law (“CASL”) has been with us now for five years and it has been over 15 years since the Personal Information Protection and Electronic Documents Act (“PIPEDA”) came into force. Then why is CASL and privacy compliance...
Data Breach Reporting Obligations in Saskatchewan
As we have written about in previous articles, data breach notification is now mandatory in Canada for the private sector in all jurisdictions where this was not already the case (e.g Alberta under the Personal Information Protection Act). Data breach...
SME Blockchain Primer
Recognizing the growing importance of distributed ledger technology (commonly known as “Blockchain”) for businesses of all sizes, on December 5, 2018, Miller Thomson LLP published its latest edition of Proof of Stake, a publication dedicated to practical legal considerations when...
OPC Releases Mandatory Breach Reporting Guidance
On October 29, 2018, the federal Office of the Privacy Commissioner (“OPC”) published the final version of its guidelines in connection with mandatory reporting of breaches of security safeguards (the “Guidelines”), ahead of the coming into force of the Breach of Security Safeguards Regulations (the “Regulations”)...
BC Commissioner Releases Cannabis Sales Privacy Protection Guidelines
As a result of the recent legalization of recreational cannabis in Canada, the Office of the Information and Privacy Commissioner for British Columbia (the “OIPC”) published guidelines (titled “Protecting Personal Information: Cannabis Transactions”) that aim to clarify the rights and...
NIST Launches Privacy Framework Initiative
For many years, the cybersecurity framework developed by the U.S. Department of Commerce’s National Institute of Standards and Technology (“NIST”) has been relied upon by organizations around the world as a foundational framework document. Given its success in the cybersecurity...
Canadian Commissioner Seeks Stronger Privacy Laws
Last week, the Office of the Privacy Commissioner (the “OPC”) released its 2017-2018 Annual Report (the “Report”). The Commissioner took the opportunity to raise serious concerns around the adequacy of Canadian privacy laws in the face of an increasingly digital...
Mandatory Breach Draft Guidance Released
On September 17, 2018, the federal Office of the Privacy Commissioner (“OPC”) published its draft guidance about mandatory reporting of breaches of security safeguards (“Draft Guidelines”). The OPC is seeking public comments as it readies itself for a November 1,...
Getting Privacy Due Diligence Right
Increasingly, a key asset that organizations hold is the sensitive data they collect, use and retain about their customers, employees and suppliers. It is, therefore, no surprise that data security and privacy compliance have become a top-of-mind consideration for organizations...
