40% of data breach records insufficient – Canadian Privacy Commissioner releases findings on data breach register inspections
As the Canadian Office of the Privacy Commissioner (“OPC”) signaled it would do at the end of 2019, it completed a targeted investigation of data breach registers at a select number of organizations. The OPC released has now released a...
David Krebs comments in IT World Canada article on data breach class action lawsuit
IT World Canada, “B.C. appeal court green-lights data breach class action lawsuit”
The article discusses a recent decision from the British Columbia Court of Appeal that upholds a lower court decision certifying a data breach class action lawsuit against a trust company: The decision caught the eye of Saskatchewan privacy lawyer David Krebs of...
British Columbia Court of Appeal upholds certification of data breach class action
Following in the footsteps of Jones v. Tsige from the Court of Appeal for Ontario in 2012, the recent British Columbia Court of Appeal decision in Tucci v. Peoples Trust Co. (2020 BCCA 246) appears to be solidifying the future...
Asset tracing and corporate intelligence techniques in cryptocurrency investigations
In the first half of 2018, $1.1 billion USD in cryptocurrency was stolen or trafficked online, with the majority of attacks targeting either regular businesses or cryptocurrency exchanges.[1] By 2019, that figure had jumped to $4.4 billion.[2] Despite these staggering...
Ontario government launches consultations on establishing provincial privacy regime for private sector
On August 13, 2020, the Ontario Government (the “Government”) launched consultations on establishing provincial privacy legislation for the private sector, likely including not-for-profits and charities. The collection, use, and disclosure of personal information is currently governed by federal legislation, the...
Responding to cyber-attacks – lessons for Saskatchewan municipalities from recent data breaches
Privacy concerns are at the forefront of our increasingly digital world, with cybercrime such as ransomware, business email compromise and phishing attacks becoming a noticeable risk for organizations. It is essential for municipalities to understand their minimum responsibilities under Saskatchewan...
European Data Protection Board (EDPB) releases FAQ on “Schrems II”: A primer for Canadian organizations
As we have reported previously, on July 16, 2020, the Court of Justice of the European Union (“CJEU”) released its decision in the case of Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems (“Schrems II”), which ruled that...
“Schrems II” decides validity of personal data transfer mechanisms – impact on Canadian organizations
On July 16, 2020, the Court of Justice of the European Union (“CJEU”) released its long-awaited decision regarding the validity of existing personal data transfer mechanisms outside the EU under the General Data Protection Regulation (“GDPR”), the so-called “Schrems II”...
Ransomware attack on cloud-services provider affects charities and not-for-profits
A company that supplies cloud fundraising and accounting software to the charity and not-for-profit sector announced yesterday that it experienced a ransomware attack in May 2020. Blackbaud is the company behind such programs as Raiser’s Edge NXT, eTapestry, and The...
Product Liability and AI: Who’s Really at Fault?
Legal Business World, World Legal Summit Special Edition, p. 82 - 84
The article focuses on the liability implications for artificial intelligence solutions and strategies to mitigate this risk. Artificial intelligence (AI) systems are becoming ever-present in our society. We see Chat-bots deployed to communicate with clients and autonomous vehicles (AVs) utilized...
