Imran Ahmad (CA)

Subscribe to all posts by Imran Ahmad (CA)

Managing AI risks and legal implications, effective cybersecurity, ensuring privacy and the integrity of organizational records

Photo of Imran Ahmad (CA)Photo of John Cassell (CA)Photo of Maya MedeirosPhoto of Veronique Barry (CA)Photo of Sara A. Levine, KC (CA)Photo of Jesse BeatsonPhoto of Roxanne Caron (CA)Photo of Jeremie Wyatt (CA)By Imran Ahmad (CA), John Cassell (CA), Maya Medeiros, Veronique Barry (CA), Sara A. Levine, KC (CA), Jesse Beatson, Roxanne Caron (CA) and Jeremie Wyatt (CA) on Posted in Artificial Intelligence, Cybersecurity
In a world where generative AI is driving innovation and technology is outpacing legislation, there’s a lot for companies to consider to maintain operational effectiveness and minimize risk. To help provide some guidance, Norton Rose Fulbright Canada hosted its 2023 technology, privacy and cybersecurity virtual summit. Our leading lawyers were joined by prominent industry leaders … Continue reading

PART II: Legislative advances in the world of artificial intelligence, Canada

Photo of Imran Ahmad (CA)Photo of Brian Chau (CA)Photo of Maya MedeirosPhoto of Sarah NasrullahPhoto of Suzie Suliman (CA)By Imran Ahmad (CA), Brian Chau (CA), Maya Medeiros, Sarah Nasrullah and Suzie Suliman (CA) on Posted in Artificial Intelligence, Cybersecurity
On October 5, the Minister of Innovation, Science and Industry (ISED) wrote a letter to the Standing Committee on Industry and Technology proposing amendments to Artificial Intelligence and Data Act (AIDA), which was introduced as part of Bill C-27 in June 2022. Further information on AIDA can be found in our previous update. The letter … Continue reading

Advances in artificial intelligence legislation in Canada (Part I)

Photo of Imran Ahmad (CA)Photo of Brian Chau (CA)Photo of Maya MedeirosPhoto of Sarah NasrullahPhoto of Suzie Suliman (CA)By Imran Ahmad (CA), Brian Chau (CA), Maya Medeiros, Sarah Nasrullah and Suzie Suliman (CA) on Posted in Artificial Intelligence, Cybersecurity
On September 27, the Minister of Innovation, Science and Industry released a voluntary code of conduct specific to generative AI. This GenAI code follows the proposed Artificial Intelligence and Data Act (AIDA), which was introduced as part of Bill C-27 in June 2022 but will not likely be in force until 2025. Beyond risk mitigation, … Continue reading

2023 Technology privacy and cybersecurity summit | 1 November 2023

Photo of Imran Ahmad (CA)By Imran Ahmad (CA) on Posted in Cybersecurity, Privacy law
Norton Rose Fulbright Canada invites you to our annual technology, privacy and cybersecurity virtual summit. Navigating the evolving world of technology is not easy for companies today. From AI to effective company records management, privacy considerations, and cybersecurity breaches, there’s a lot to consider as businesses work to maximize operational effectiveness and minimize risk. Join … Continue reading

Act 25 – Demystifying privacy impact assessments with the CAI’s new tools

Photo of Imran Ahmad (CA)Photo of Veronique Barry (CA)Photo of Roxanne Caron (CA)Photo of Jeremie Wyatt (CA)By Imran Ahmad (CA), Veronique Barry (CA), Roxanne Caron (CA) and Jeremie Wyatt (CA) on Posted in Data Protection, Privacy law
With most provisions of the Act to modernize legislative provisions as regards the protection of personal information (Act 25) having just come into effect on September 22, public bodies and enterprises (organizations) will now need to conduct privacy impact assessments (PIA) during various projects that involve personal information. A PIA is an impact analysis that takes all … Continue reading

Deal-maker or deal-breaker: the legal ins and outs of using AI in M&A

Photo of Imran Ahmad (CA)Photo of Roxanne Caron (CA)Photo of Suzie Suliman (CA)By Imran Ahmad (CA), Roxanne Caron (CA) and Suzie Suliman (CA) on Posted in Artificial Intelligence, Cybersecurity, Data Protection, Intellectual Property, M&A Transactions
Deals involving AI bring about specific and unique issues for consideration during the due diligence process. Understanding the specific challenges created by AI is important for companies to ensure that the AI technology holds genuine value and would not raise red flags during the course of a transaction. Some important advice for companies looking to … Continue reading

Building Cyber Resiliency In the Energy Sector

Photo of Imran Ahmad (CA)Photo of John Cassell (CA)By Imran Ahmad (CA) and John Cassell (CA) on Posted in Cybersecurity, Data Protection
For the energy sector, cybersecurity has been a top-of-mind issue for some time. This is particularly true given some of the high-profile cyber-attacks seen in recent years that have grabbed not only media headlines but also resulted in operational disruption, financial losses and legal exposure. The challenge with cybersecurity is attacker tactics are constantly evolving … Continue reading

Practical steps for businesses to comply with Bill C-27: part 2

Photo of Imran Ahmad (CA)Photo of Shreya GuptaPhoto of Jeremie Wyatt (CA)By Imran Ahmad (CA), Shreya Gupta and Jeremie Wyatt (CA) on Posted in Cybersecurity, Data Protection, Data Transfer, Intellectual Property, Privacy law
In our previous update, we summarized key operational elements that businesses should be aware of under the proposed Consumer Privacy Protection Act (CPPA), and provided practical tips to help businesses comply with these new requirements. As currently drafted, the CPPA codifies a number of best practices and recommendations issued by the Office of the Privacy Commissioner of Canada … Continue reading

Autonomous Vehicles – Canada’s Current Legal Framework: Privacy (Part 4)

Photo of Imran Ahmad (CA)By Imran Ahmad (CA) and Admin on Posted in Cybersecurity, Data Protection, Privacy law
Across the globe, the race is already underway among vehicle manufacturers to develop fully autonomous vehicles (AVs). AVs currently under development make sense of their surroundings and control vehicle operation through data gathered about the outside world.  Like other connected vehicles, AVs can also collect and use specific personal information about a driver (e.g., through … Continue reading

Ontario Court of Appeal Limits Application of Tort of Intrusion Upon Seclusion for Cyberattacks

Photo of Travis WalkerPhoto of Imran Ahmad (CA)By Travis Walker and Imran Ahmad (CA) on Posted in Cybersecurity, Data breach, Data Protection, Privacy law
In three recent cases, the Court of Appeal for Ontario effectively curtailed the ability of privacy breach victims to advance claims under the tort of intrusion upon seclusion against organizations for failing to prevent unauthorized access to personal information by third parties. However, while these cases should provide some reassurance that a cyberattack may not … Continue reading

Autonomous Vehicles – Canada’s Current Legal Framework: Liability in Motor Vehicle Accidents (Part 3)

Photo of Suzie Suliman (CA)Photo of Imran Ahmad (CA)By Suzie Suliman (CA) and Imran Ahmad (CA) on Posted in Cybersecurity, Data Protection
As autonomous vehicle (AV) technology continues to grow in functionality and sophistication, it is only a matter of time before AVs become commercially available across Canada. The arrival of autonomous vehicles in Canada will raise a number of liability-related questions that touch on the areas of owner liability, product liability, and auto insurance. In this … Continue reading

Autonomous Vehicles – Canada’s Current Legal Framework: Cybersecurity Considerations (Part 2)

Photo of Imran Ahmad (CA)By Imran Ahmad (CA) and Admin on Posted in Cybersecurity, Data Protection
The emergence of autonomous vehicles (AVs) in Canada will present a number of cybersecurity challenges and risks.  AV manufacturers will need to consider these risks and address them early in the design and development process of their products. In this post, we discuss some of the key cybersecurity risks associated with AVs, strategies to mitigate … Continue reading

OSFI’s Technology and Cyber Risk Management Guideline: Part 2

Photo of Imran Ahmad (CA)Photo of Shreya GuptaPhoto of Suzie Suliman (CA)By Imran Ahmad (CA), Shreya Gupta and Suzie Suliman (CA) on Posted in Cybersecurity, Privacy law
In July of this year, the Office of the Superintendent of Financial Institutions (OSFI) released the final version of its Guideline B-13 (the Guideline), setting out technology and cyber risk management expectations for all federally regulated financial institutions (FRFIs), such as banks, insurance and trust companies. FRFIs will need to ensure that they have taken steps to … Continue reading

Autonomous Vehicles – Canada’s Current Legal Framework: A Primer (Part 1)

Photo of Imran Ahmad (CA)By Imran Ahmad (CA) and Admin on Posted in Cybersecurity, Privacy law
In recent years, autonomous vehicle (AV) technology has undergone rapid development and it is predicted that AVs may soon be in a state to displace human driving altogether. In Ontario, the Automated Vehicle Pilot Program is currently in place to permit the testing of certain AVs by vehicle manufacturers. As AV technology continues to develop, however, … Continue reading

OSFI’s Technology and Cyber Risk Management Guideline: Part 1

Photo of Suzie Suliman (CA)Photo of Shreya GuptaPhoto of Imran Ahmad (CA)By Suzie Suliman (CA), Shreya Gupta and Imran Ahmad (CA) on Posted in Compliance and risk management, Cybersecurity
On July 13, 2022, the Office of the Superintendent of Financial Institutions (OSFI) released its final Guideline B-13 (the Guideline), setting out technology and cyber risk management expectations for all federally regulated financial institutions (FRFIs), such as banks, insurance and trust companies. FRFIs will need ensure that they have taken steps to comply with the requirements … Continue reading

Practical steps for businesses to comply with Bill C-27: Part 1

Photo of Jeremie Wyatt (CA)Photo of Imran Ahmad (CA)Photo of Shreya GuptaBy Jeremie Wyatt (CA), Imran Ahmad (CA) and Shreya Gupta on Posted in Compliance and risk management, Privacy law
The House of Commons recently introduced Bill C-27, the successor to Bill C-11, which died on the docket when Parliament was dissolved in the fall of 2021. Bill C-27 introduces three new acts: the Consumer Privacy Protection Act (“CPPA”), the Personal Information and Data Protection Tribunal Act, and the Artificial Intelligence and Data Act (“AIDA”), which … Continue reading

Alberta OIPC’s 2022 PIPA Breach Report – Trends and Key Takeaways

Photo of John Cassell (CA)Photo of Imran Ahmad (CA)Photo of Miranda SharpeBy John Cassell (CA), Imran Ahmad (CA) and Miranda Sharpe on Posted in Cybersecurity, Data breach
On July 27, 2022, the Office of the Information and Privacy Commissioner of Alberta (OIPC) released its 2022 PIPA Breach Report.[1] The report analyzes the nearly 2,000 breach reports[2] received by the OIPC during   the ten year period since reporting was mandated in Alberta under the Personal Information Protection Act (PIPA)[3]. The PIPA Breach … Continue reading

Bill C-26: a first step at reinforcing Canadian cybersecurity

Photo of Jeremie Wyatt (CA)Photo of Imran Ahmad (CA)Photo of John Cassell (CA)Photo of Tiana Corovic (CA)Photo of Katarina DukeBy Jeremie Wyatt (CA), Imran Ahmad (CA), John Cassell (CA), Tiana Corovic (CA), Katarina Duke and Admin on Posted in Compliance and risk management, Cybersecurity
On June 14, the House of Commons introduced Bill C-26: An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts (Bill C-26). This bill is presented in two parts: The first is to amend the Telecommunications Act to promote the security of the Canadian telecommunications system; The second is to enact the Critical Cyber … Continue reading

The aftermath of an incident – why keeping records of data breaches and privacy incidents matters

Photo of Jeremie Wyatt (CA)Photo of Imran Ahmad (CA)Photo of Sara A. Levine, KC (CA)By Jeremie Wyatt (CA), Imran Ahmad (CA) and Sara A. Levine, KC (CA) on Posted in Compliance and risk management, Data breach, Regulatory response
As privacy incidents and security breaches involving personal information become increasingly frequent, organizations are more and more aware of the importance of implementing a robust privacy program to mitigate the risks and impacts of such incidents. While this preparation is important, organizations must also consider the aftermath of a privacy incident. In this first blog … Continue reading

Federal Privacy Commissioner Published Guidance on What Is “Sensitive” Personal Information

Photo of Tiana Corovic (CA)Photo of Imran Ahmad (CA)Photo of John Cassell (CA)Photo of Katarina DukeBy Tiana Corovic (CA), Imran Ahmad (CA), John Cassell (CA), Katarina Duke and Admin on Posted in PIPEDA, Privacy law
On May 16, 2022, the Office of the Privacy Commissioner of Canada (the “OPC”) released an Interpretation Bulletin (the “Bulletin”) on what it considers to be “sensitive” personal information under the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”). The Bulletin is  meant to act as a consolidated guide based on jurisprudence, regulatory findings, … Continue reading

Privacy in a Parallel Digital Universe: The Metaverse

Photo of Imran Ahmad (CA)Photo of Tiana Corovic (CA)By Imran Ahmad (CA) and Tiana Corovic (CA) on Posted in General, Metaverse, PIPEDA, Privacy law
For many years, the immersive three-dimensional digital world has been left to the cinematic experience. However, the emergence of the metaverse presents an opportunity to translate everyday activities – working, attending a concert, travelling, shopping, socializing – into a parallel digital universe. The metaverse is an abstract concept that uses a digital environment to permeate … Continue reading

Where data meets IP – Derivative data in M&A transactions

Photo of Imran Ahmad (CA)Photo of Nikita StepinPhoto of Suzie Suliman (CA)By Imran Ahmad (CA), Nikita Stepin, Suzie Suliman (CA) and Admin on Posted in Data Transfer, General, Intellectual Property
With the growth of the high-tech industry worldwide, it is no surprise that more and more transactions involve the transfer of rights to access or control data and derivative data. In our previous update we discussed protecting business data in a commercial context. In the M&A context, this valuable information is either the driving force of … Continue reading

Privacy legislation reform: Bill 64 has now been passed

Photo of Imran Ahmad (CA)Photo of Veronique Barry (CA)Photo of Jeremie Wyatt (CA)By Imran Ahmad (CA), Veronique Barry (CA) and Jeremie Wyatt (CA) on Posted in Compliance and risk management, Cybersecurity, Privacy law
Bill 64, which purports to modernise Québec’s privacy legislation, was recently passed. This sweeping reform of the province’s framework for processing personal information hinges on three main axes: increased obligations for enterprises that collect or otherwise process personal information, the creation of new rights for persons whose information is collected, and the imposition of far … Continue reading

Where data meets IP – protecting business data in a commercial context

Photo of Imran Ahmad (CA)Photo of Nikita StepinPhoto of Suzie Suliman (CA)By Imran Ahmad (CA), Nikita Stepin, Suzie Suliman (CA) and Admin on Posted in Data Transfer, General, Intellectual Property
In our previous publication, we discussed how a business’ data can be protected by characterizing it as intellectual property and protecting it as such. One of the most common ways to protect business data in a commercial context is through license agreements that impose contractual controls on the scope of protection of such data, as … Continue reading
LexBlog