OPC Releases Mandatory Breach Reporting Guidance
On October 29, 2018, the federal Office of the Privacy Commissioner (“OPC”) published the final version of its guidelines in connection with mandatory reporting of breaches of security safeguards (the “Guidelines”), ahead of the coming into force of the Breach of Security Safeguards Regulations (the “Regulations”)...
BC Commissioner Releases Cannabis Sales Privacy Protection Guidelines
As a result of the recent legalization of recreational cannabis in Canada, the Office of the Information and Privacy Commissioner for British Columbia (the “OIPC”) published guidelines (titled “Protecting Personal Information: Cannabis Transactions”) that aim to clarify the rights and...
NIST Launches Privacy Framework Initiative
For many years, the cybersecurity framework developed by the U.S. Department of Commerce’s National Institute of Standards and Technology (“NIST”) has been relied upon by organizations around the world as a foundational framework document. Given its success in the cybersecurity...
Canadian Commissioner Seeks Stronger Privacy Laws
Last week, the Office of the Privacy Commissioner (the “OPC”) released its 2017-2018 Annual Report (the “Report”). The Commissioner took the opportunity to raise serious concerns around the adequacy of Canadian privacy laws in the face of an increasingly digital...
Mandatory Breach Draft Guidance Released
On September 17, 2018, the federal Office of the Privacy Commissioner (“OPC”) published its draft guidance about mandatory reporting of breaches of security safeguards (“Draft Guidelines”). The OPC is seeking public comments as it readies itself for a November 1,...
Getting Privacy Due Diligence Right
Increasingly, a key asset that organizations hold is the sensitive data they collect, use and retain about their customers, employees and suppliers. It is, therefore, no surprise that data security and privacy compliance have become a top-of-mind consideration for organizations...
Upcoming Mandatory Breach Notification Refresher
In keeping with the global movement towards increased data protection legislation, as evidenced by the recent enactment of the General Data Protection Regulation (GDPR) in Europe and similar legislation adopted in California and Brazil, Canada will (as of November 1,...
Brazilian GDPR Comes into Force
On August 14, 2018, less than three months after the coming into force of the European General Data Privacy Protection Regulation (“GDPR”), the President of Brazil sanctioned, with partial veto, bill PLC 53/2018, which regulates the protection of personal information...
Legal Considerations of Blockchain Technology
Commonly known as Bitcoin’s underlying technology, blockchain is widely discussed but poorly understood. According to an HSBC global survey, 80% of individuals who have heard of “blockchain” said they do not understand it. While the technology has the potential to...
Canadian Privacy Commissioner says public profiles are private
On June 12, 2018, the Office of the Privacy Commissioner (“OPC”) [1] released its report [2] into Profile Technology Ltd.’s (“Profile Technology”) use of “publicly available” Facebook profiles. The OPC concluded that Profile Technology had not obtained the necessary consents from individuals...
