Admin

Autonomous Vehicles – Canada’s Current Legal Framework: Privacy (Part 4)

Across the globe, the race is already underway among vehicle manufacturers to develop fully autonomous vehicles (AVs). AVs currently under development make sense of their surroundings and control vehicle operation through data gathered about the outside world. Like other connected vehicles, AVs can also collect and use specific personal information about a driver (e.g., through … Continue reading

Bring-Your-Own-Device Programs: A Balance Between Privacy and Cybersecurity

By Marisa Kwan, Joseph Cohen-Lyons, Curtis Armstrong and Admin on February 16, 2023 Posted in Cybersecurity, Privacy law

A ”bring your own device” (BYOD) program is a popular arrangement used by employers, whereby employees use their personal devices (e.g., smartphones, laptops, or tablets) for both personal and business purposes. Last year, about two-thirds of Canadian private sector employers had at least one employee using personal devices for business-related activities.[1] While the BYOD approach … Continue reading

Autonomous Vehicles – Canada’s Current Legal Framework: Cybersecurity Considerations (Part 2)

By Imran Ahmad (CA) and Admin on November 22, 2022 Posted in Cybersecurity, Data Protection

The emergence of autonomous vehicles (AVs) in Canada will present a number of cybersecurity challenges and risks. AV manufacturers will need to consider these risks and address them early in the design and development process of their products. In this post, we discuss some of the key cybersecurity risks associated with AVs, strategies to mitigate … Continue reading

Contracting for Cybersecurity Risks: Mitigating Weak Links

By Tiana Corovic (CA) and Admin on November 9, 2022 Posted in Cybersecurity, Data breach, Data Protection

Managing vendor risks includes putting pen to paper. Organizations are increasingly susceptible to risks outside their controlled IT infrastructure as they engage third-party vendors to manage online platforms and process data. Even though an organization may have little to no control over a vendor’s security practices, it bears the ultimate responsibility for safeguarding its own … Continue reading

Privacy and Cybersecurity Due Diligence Considerations in M&A Transactions

By Admin on October 24, 2022 Posted in Cybersecurity, Data Protection, M&A Transactions, Privacy law

Privacy and cybersecurity practices of target companies are being increasingly scrutinized throughout the due diligence process in M&A transactions. Particularly, buyers want to understand the risk and value inherent in sellers’ data assets and sellers want to manage transactional and post-closing risks. In the course of their privacy and cybersecurity due diligence, buyers should consider … Continue reading

Autonomous Vehicles – Canada’s Current Legal Framework: A Primer (Part 1)

By Imran Ahmad (CA) and Admin on October 5, 2022 Posted in Cybersecurity, Privacy law

In recent years, autonomous vehicle (AV) technology has undergone rapid development and it is predicted that AVs may soon be in a state to displace human driving altogether. In Ontario, the Automated Vehicle Pilot Program is currently in place to permit the testing of certain AVs by vehicle manufacturers. As AV technology continues to develop, however, … Continue reading

Bill C-26: a first step at reinforcing Canadian cybersecurity

By Jeremie Wyatt (CA), Imran Ahmad (CA), John Cassell (CA), Tiana Corovic (CA), Katarina Duke and Admin on June 22, 2022 Posted in Compliance and risk management, Cybersecurity

On June 14, the House of Commons introduced Bill C-26: An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts (Bill C-26). This bill is presented in two parts: The first is to amend the Telecommunications Act to promote the security of the Canadian telecommunications system; The second is to enact the Critical Cyber … Continue reading

Federal Privacy Commissioner Published Guidance on What Is “Sensitive” Personal Information

By Tiana Corovic (CA), Imran Ahmad (CA), John Cassell (CA), Katarina Duke and Admin on May 18, 2022 Posted in PIPEDA, Privacy law

On May 16, 2022, the Office of the Privacy Commissioner of Canada (the “OPC”) released an Interpretation Bulletin (the “Bulletin”) on what it considers to be “sensitive” personal information under the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”). The Bulletin is meant to act as a consolidated guide based on jurisprudence, regulatory findings, … Continue reading

Where data meets IP – Derivative data in M&A transactions

By Imran Ahmad (CA), Nikita Stepin, Suzie Suliman (CA) and Admin on January 19, 2022 Posted in Data Transfer, General, Intellectual Property

With the growth of the high-tech industry worldwide, it is no surprise that more and more transactions involve the transfer of rights to access or control data and derivative data. In our previous update we discussed protecting business data in a commercial context. In the M&A context, this valuable information is either the driving force of … Continue reading

Where data meets IP – protecting business data in a commercial context

By Imran Ahmad (CA), Nikita Stepin, Suzie Suliman (CA) and Admin on October 18, 2021 Posted in Data Transfer, General, Intellectual Property

In our previous publication, we discussed how a business’ data can be protected by characterizing it as intellectual property and protecting it as such. One of the most common ways to protect business data in a commercial context is through license agreements that impose contractual controls on the scope of protection of such data, as … Continue reading

Where Data Meets IP

By Imran Ahmad (CA), Nikita Stepin, Suzie Suliman (CA) and Admin on September 27, 2021 Posted in Data Transfer, General, Intellectual Property

How do you balance sharing and protecting your business’ data? Unlike tangible assets, which can be protected primarily through physical means, intangible assets such as data require additional considerations. One key strategy to protect your business’ data is to characterize, and protect, that data as intellectual property. Data as IP Copyright Original compilations of data … Continue reading

Ontario moves towards introducing new privacy law

By Imran Ahmad (CA) and Admin on August 24, 2021 Posted in General, PHIPA, PIPEDA, Privacy law

Given global trends in the development of privacy laws and enforcement, Canada and several provinces are looking at modernizing their respective privacy regimes. Ontario’s new proposed privacy law, which would govern commercial activities more broadly than current legislation (i.e., our federal legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), and Ontario’s health privacy … Continue reading

Privacy commissioners take position on using facial recognition technology

By Imran Ahmad (CA), Sara A. Levine, KC (CA), Alexis Kerr (CA), John Cassell (CA) and Admin on March 11, 2021 Posted in Cybersecurity, Data breach

Investigative findings In a joint investigation report, the Privacy Commissioner of Canada, together with the commissioners of BC, Alberta, and Quebec concluded that Clearview AI violated Canadians’ privacy rights under federal and provincial privacy laws by scraping billons of images of people available online to be continually used in what amounted to a virtual “police … Continue reading

Bill C-11: Canada proposes new data privacy legislation

By Admin on November 20, 2020 Posted in Enforcement

On November 17, 2020, the Minister of Innovation, Science and Industry, Navdeep Bains, tabled proposed legislation in Parliament that aims to overhaul Canada’s data privacy law. Bill C-11, entitled An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to … Continue reading

Data protection and cyber risk issues in arbitration – dealing with regulation, cyber attacks and hacked evidence

By Ben Grant (UK) and Admin on September 20, 2019 Posted in Cybercrime, Cybersecurity, Data breach, Dispute resolution and litigation, General

The GDPR has significantly altered the landscape of data protection. Its broad scope and potentially severe penalties have forced those who hold and process data to take note of its provisions. In certain instances, that will include many in the international arbitration community, such as arbitral institutions. In parallel, cyber attacks and instances of hacking … Continue reading

Major DDoS Attacks Signal Need for Strengthened Cyber Defenses

By Admin on November 3, 2016 Posted in Compliance and risk management, Cybercrime

On Friday, October 21, a series of Distributed Denial of Service (DDoS) attacks were launched against the servers of Dyn, a major DNS host. DNS hosts operate in a manner akin to a switchboard for the Internet, helping to route domain names (e.g., dataprotectionreport.com) to underlying IP addresses (e.g., 104.28.6.115). By attacking Dyn, hackers were … Continue reading

Canada uses anti-spam law to take down Toronto botnet

By Admin on December 4, 2015 Posted in Regulatory response

The Canadian Radio-television and Telecommunications Commission (CRTC) announced on Thursday, December 3, 2015, that it had served its first-ever warrant under Canada’s anti-spam law (CASL, enacted July 2014) to take down a command-and-control server located in Toronto, Ontario, that was being used to distribute Win32/Dorkbot malware.… Continue reading

Ontario to introduce enhanced privacy legislation for healthcare data

By Admin on June 11, 2015 Posted in Regulatory response

The Government of Ontario announced that it intends to introduce amendments to the Province’s Personal Health Information Protection Act (PHIPA) that, if passed, would strengthen privacy rules with respect to health records, make it easier to prosecute offences, and increase fines for privacy breaches.… Continue reading