Imran Ahmad (CA)

Subscribe to all posts by Imran Ahmad (CA)

Building Cyber Resiliency In the Energy Sector

Photo of Imran Ahmad (CA)Photo of John Cassell (CA)By Imran Ahmad (CA) and John Cassell (CA) on Posted in Cybersecurity, Data Protection
For the energy sector, cybersecurity has been a top-of-mind issue for some time. This is particularly true given some of the high-profile cyber-attacks seen in recent years that have grabbed not only media headlines but also resulted in operational disruption, financial losses and legal exposure. The challenge with cybersecurity is attacker tactics are constantly evolving … Continue reading

Practical steps for businesses to comply with Bill C-27: part 2

Photo of Imran Ahmad (CA)Photo of Shreya GuptaPhoto of Jeremie Wyatt (CA)By Imran Ahmad (CA), Shreya Gupta and Jeremie Wyatt (CA) on Posted in Cybersecurity, Data Protection, Data Transfer, Intellectual Property, Privacy law
In our previous update, we summarized key operational elements that businesses should be aware of under the proposed Consumer Privacy Protection Act (CPPA), and provided practical tips to help businesses comply with these new requirements. As currently drafted, the CPPA codifies a number of best practices and recommendations issued by the Office of the Privacy Commissioner of Canada … Continue reading

Autonomous Vehicles – Canada’s Current Legal Framework: Privacy (Part 4)

Photo of Liana Di Giorgio (CA)Photo of Imran Ahmad (CA)By Liana Di Giorgio (CA) and Imran Ahmad (CA) on Posted in Cybersecurity, Data Protection, Privacy law
Across the globe, the race is already underway among vehicle manufacturers to develop fully autonomous vehicles (AVs). AVs currently under development make sense of their surroundings and control vehicle operation through data gathered about the outside world.  Like other connected vehicles, AVs can also collect and use specific personal information about a driver (e.g., through … Continue reading

Ontario Court of Appeal Limits Application of Tort of Intrusion Upon Seclusion for Cyberattacks

Photo of Travis WalkerPhoto of Imran Ahmad (CA)By Travis Walker and Imran Ahmad (CA) on Posted in Cybersecurity, Data breach, Data Protection, Privacy law
In three recent cases, the Court of Appeal for Ontario effectively curtailed the ability of privacy breach victims to advance claims under the tort of intrusion upon seclusion against organizations for failing to prevent unauthorized access to personal information by third parties. However, while these cases should provide some reassurance that a cyberattack may not … Continue reading

Autonomous Vehicles – Canada’s Current Legal Framework: Liability in Motor Vehicle Accidents (Part 3)

Photo of Suzie Suliman (CA)Photo of Imran Ahmad (CA)By Suzie Suliman (CA) and Imran Ahmad (CA) on Posted in Cybersecurity, Data Protection
As autonomous vehicle (AV) technology continues to grow in functionality and sophistication, it is only a matter of time before AVs become commercially available across Canada. The arrival of autonomous vehicles in Canada will raise a number of liability-related questions that touch on the areas of owner liability, product liability, and auto insurance. In this … Continue reading

Autonomous Vehicles – Canada’s Current Legal Framework: Cybersecurity Considerations (Part 2)

Photo of Liana Di Giorgio (CA)Photo of Imran Ahmad (CA)By Liana Di Giorgio (CA) and Imran Ahmad (CA) on Posted in Cybersecurity, Data Protection
The emergence of autonomous vehicles (AVs) in Canada will present a number of cybersecurity challenges and risks.  AV manufacturers will need to consider these risks and address them early in the design and development process of their products. In this post, we discuss some of the key cybersecurity risks associated with AVs, strategies to mitigate … Continue reading

OSFI’s Technology and Cyber Risk Management Guideline: Part 2

Photo of Imran Ahmad (CA)Photo of Shreya GuptaPhoto of Suzie Suliman (CA)By Imran Ahmad (CA), Shreya Gupta and Suzie Suliman (CA) on Posted in Cybersecurity, Privacy law
In July of this year, the Office of the Superintendent of Financial Institutions (OSFI) released the final version of its Guideline B-13 (the Guideline), setting out technology and cyber risk management expectations for all federally regulated financial institutions (FRFIs), such as banks, insurance and trust companies. FRFIs will need to ensure that they have taken steps to … Continue reading

Autonomous Vehicles – Canada’s Current Legal Framework: A Primer (Part 1)

Photo of Imran Ahmad (CA)Photo of Liana Di Giorgio (CA)By Imran Ahmad (CA) and Liana Di Giorgio (CA) on Posted in Cybersecurity, Privacy law
In recent years, autonomous vehicle (AV) technology has undergone rapid development and it is predicted that AVs may soon be in a state to displace human driving altogether. In Ontario, the Automated Vehicle Pilot Program is currently in place to permit the testing of certain AVs by vehicle manufacturers. As AV technology continues to develop, however, … Continue reading

OSFI’s Technology and Cyber Risk Management Guideline: Part 1

Photo of Suzie Suliman (CA)Photo of Shreya GuptaPhoto of Imran Ahmad (CA)By Suzie Suliman (CA), Shreya Gupta and Imran Ahmad (CA) on Posted in Compliance and risk management, Cybersecurity
On July 13, 2022, the Office of the Superintendent of Financial Institutions (OSFI) released its final Guideline B-13 (the Guideline), setting out technology and cyber risk management expectations for all federally regulated financial institutions (FRFIs), such as banks, insurance and trust companies. FRFIs will need ensure that they have taken steps to comply with the requirements … Continue reading

Practical steps for businesses to comply with Bill C-27: Part 1

Photo of Jeremie Wyatt (CA)Photo of Imran Ahmad (CA)Photo of Shreya GuptaBy Jeremie Wyatt (CA), Imran Ahmad (CA) and Shreya Gupta on Posted in Compliance and risk management, Privacy law
The House of Commons recently introduced Bill C-27, the successor to Bill C-11, which died on the docket when Parliament was dissolved in the fall of 2021. Bill C-27 introduces three new acts: the Consumer Privacy Protection Act (“CPPA”), the Personal Information and Data Protection Tribunal Act, and the Artificial Intelligence and Data Act (“AIDA”), which … Continue reading

Alberta OIPC’s 2022 PIPA Breach Report – Trends and Key Takeaways

Photo of John Cassell (CA)Photo of Imran Ahmad (CA)Photo of Miranda SharpeBy John Cassell (CA), Imran Ahmad (CA) and Miranda Sharpe on Posted in Cybersecurity, Data breach
On July 27, 2022, the Office of the Information and Privacy Commissioner of Alberta (OIPC) released its 2022 PIPA Breach Report.[1] The report analyzes the nearly 2,000 breach reports[2] received by the OIPC during   the ten year period since reporting was mandated in Alberta under the Personal Information Protection Act (PIPA)[3]. The PIPA Breach … Continue reading

Bill C-26: a first step at reinforcing Canadian cybersecurity

Photo of Jeremie Wyatt (CA)Photo of Imran Ahmad (CA)Photo of John Cassell (CA)Photo of Tiana Corovic (CA)Photo of Roohie SharmaPhoto of Katarina DukeBy Jeremie Wyatt (CA), Imran Ahmad (CA), John Cassell (CA), Tiana Corovic (CA), Roohie Sharma and Katarina Duke on Posted in Compliance and risk management, Cybersecurity
On June 14, the House of Commons introduced Bill C-26: An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts (Bill C-26). This bill is presented in two parts: The first is to amend the Telecommunications Act to promote the security of the Canadian telecommunications system; The second is to enact the Critical Cyber … Continue reading

The aftermath of an incident – why keeping records of data breaches and privacy incidents matters

Photo of Jeremie Wyatt (CA)Photo of Imran Ahmad (CA)Photo of Sara A. Levine, QC (CA)By Jeremie Wyatt (CA), Imran Ahmad (CA) and Sara A. Levine, QC (CA) on Posted in Compliance and risk management, Data breach, Regulatory response
As privacy incidents and security breaches involving personal information become increasingly frequent, organizations are more and more aware of the importance of implementing a robust privacy program to mitigate the risks and impacts of such incidents. While this preparation is important, organizations must also consider the aftermath of a privacy incident. In this first blog … Continue reading

Federal Privacy Commissioner Published Guidance on What Is “Sensitive” Personal Information

Photo of Tiana Corovic (CA)Photo of Imran Ahmad (CA)Photo of John Cassell (CA)Photo of Katarina DukePhoto of Roohie SharmaBy Tiana Corovic (CA), Imran Ahmad (CA), John Cassell (CA), Katarina Duke and Roohie Sharma on Posted in PIPEDA, Privacy law
On May 16, 2022, the Office of the Privacy Commissioner of Canada (the “OPC”) released an Interpretation Bulletin (the “Bulletin”) on what it considers to be “sensitive” personal information under the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”). The Bulletin is  meant to act as a consolidated guide based on jurisprudence, regulatory findings, … Continue reading

Privacy in a Parallel Digital Universe: The Metaverse

Photo of Imran Ahmad (CA)Photo of Tiana Corovic (CA)By Imran Ahmad (CA) and Tiana Corovic (CA) on Posted in General, Metaverse, PIPEDA, Privacy law
For many years, the immersive three-dimensional digital world has been left to the cinematic experience. However, the emergence of the metaverse presents an opportunity to translate everyday activities – working, attending a concert, travelling, shopping, socializing – into a parallel digital universe. The metaverse is an abstract concept that uses a digital environment to permeate … Continue reading

Where data meets IP – Derivative data in M&A transactions

Photo of Imran Ahmad (CA)Photo of Nikita StepinPhoto of Patrick Chou (CA)Photo of Suzie Suliman (CA)By Imran Ahmad (CA), Nikita Stepin, Patrick Chou (CA) and Suzie Suliman (CA) on Posted in Data Transfer, General, Intellectual Property
With the growth of the high-tech industry worldwide, it is no surprise that more and more transactions involve the transfer of rights to access or control data and derivative data. In our previous update we discussed protecting business data in a commercial context. In the M&A context, this valuable information is either the driving force of … Continue reading

Privacy legislation reform: Bill 64 has now been passed

Photo of Imran Ahmad (CA)Photo of Veronique Barry (CA)Photo of Jeremie Wyatt (CA)By Imran Ahmad (CA), Veronique Barry (CA) and Jeremie Wyatt (CA) on Posted in Compliance and risk management, Cybersecurity, Privacy law
Bill 64, which purports to modernise Québec’s privacy legislation, was recently passed. This sweeping reform of the province’s framework for processing personal information hinges on three main axes: increased obligations for enterprises that collect or otherwise process personal information, the creation of new rights for persons whose information is collected, and the imposition of far … Continue reading

Where data meets IP – protecting business data in a commercial context

Photo of Imran Ahmad (CA)Photo of Nikita StepinPhoto of Patrick Chou (CA)Photo of Suzie Suliman (CA)By Imran Ahmad (CA), Nikita Stepin, Patrick Chou (CA) and Suzie Suliman (CA) on Posted in Data Transfer, General, Intellectual Property
In our previous publication, we discussed how a business’ data can be protected by characterizing it as intellectual property and protecting it as such. One of the most common ways to protect business data in a commercial context is through license agreements that impose contractual controls on the scope of protection of such data, as … Continue reading

Where Data Meets IP

Photo of Imran Ahmad (CA)Photo of Nikita StepinPhoto of Patrick Chou (CA)Photo of Suzie Suliman (CA)By Imran Ahmad (CA), Nikita Stepin, Patrick Chou (CA) and Suzie Suliman (CA) on Posted in Data Transfer, General, Intellectual Property
How do you balance sharing and protecting your business’ data? Unlike tangible assets, which can be protected primarily through physical means, intangible assets such as data require additional considerations. One key strategy to protect your business’ data is to characterize, and protect, that data as intellectual property. Data as IP Copyright Original compilations of data … Continue reading

Ontario moves towards introducing new privacy law

Photo of Imran Ahmad (CA)Photo of Liana Di Giorgio (CA)By Imran Ahmad (CA) and Liana Di Giorgio (CA) on Posted in General, PHIPA, PIPEDA, Privacy law
Given global trends in the development of privacy laws and enforcement, Canada and several provinces are looking at modernizing their respective privacy regimes. Ontario’s new proposed privacy law, which would govern commercial activities more broadly than current legislation (i.e., our federal legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), and Ontario’s health privacy … Continue reading

Privacy commissioners take position on using facial recognition technology

Photo of Imran Ahmad (CA)Photo of Sara A. Levine, QC (CA)Photo of Alexis Kerr (CA)Photo of Julie Himo (CA)Photo of Saba Samanian (CA)Photo of John Cassell (CA)By Imran Ahmad (CA), Sara A. Levine, QC (CA), Alexis Kerr (CA), Julie Himo (CA), Saba Samanian (CA) and John Cassell (CA) on Posted in Cybersecurity, Data breach
Investigative findings In a joint investigation report, the Privacy Commissioner of Canada, together with the commissioners of BC, Alberta, and Quebec concluded that Clearview AI violated Canadians’ privacy rights under federal and provincial privacy laws by scraping billons of images of people available online to be continually used in what amounted to a virtual “police … Continue reading
LexBlog