John Cassell (CA)

Subscribe to all posts by John Cassell (CA)

Alberta OIPC’s 2022 PIPA Breach Report – Trends and Key Takeaways

On July 27, 2022, the Office of the Information and Privacy Commissioner of Alberta (OIPC) released its 2022 PIPA Breach Report.[1] The report analyzes the nearly 2,000 breach reports[2] received by the OIPC during   the ten year period since reporting was mandated in Alberta under the Personal Information Protection Act (PIPA)[3]. The PIPA Breach … Continue reading

The aftermath of an incident – business considerations surrounding record-keeping

In our previous publication, we discussed the legal obligations and procedural considerations surrounding maintaining records of privacy incidents. While the specific obligations vary by jurisdiction, maintaining some form of a record that tracks privacy incidents is a statutory obligation for private-sector organizations subject to Quebec, Alberta, or federal laws. Organizations should also be aware of … Continue reading

Bill C-26: a first step at reinforcing Canadian cybersecurity

On June 14, the House of Commons introduced Bill C-26: An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts (Bill C-26). This bill is presented in two parts: The first is to amend the Telecommunications Act to promote the security of the Canadian telecommunications system; The second is to enact the Critical Cyber … Continue reading

Federal Privacy Commissioner Published Guidance on What Is “Sensitive” Personal Information

On May 16, 2022, the Office of the Privacy Commissioner of Canada (the “OPC”) released an Interpretation Bulletin (the “Bulletin”) on what it considers to be “sensitive” personal information under the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”). The Bulletin is  meant to act as a consolidated guide based on jurisprudence, regulatory findings, … Continue reading

Privacy commissioners take position on using facial recognition technology

Investigative findings In a joint investigation report, the Privacy Commissioner of Canada, together with the commissioners of BC, Alberta, and Quebec concluded that Clearview AI violated Canadians’ privacy rights under federal and provincial privacy laws by scraping billons of images of people available online to be continually used in what amounted to a virtual “police … Continue reading

Office of Privacy Commissioner Says It’s Status Quo on Consent Requirements for Data Processing Transfers

On September 23, the Office of the Privacy Commissioner of Canada (OPC) announced, following consultation with stakeholders, that it will maintain the position set out in its 2009 guidelines that an organization’s transfer of personal information to a third party for processing, including a transfer across the Canadian border, is a “use” of that personal … Continue reading

Draft mandatory data breach reporting regulations released for comment in Canada

On September 2, 2017, the Government of Canada published proposed new regulations in the Canada Gazette, which set out specifics regarding the mandatory data breach reporting requirements under the Personal Information Protection and Electronic Documents Act. The PIPEDA Amendments were passed in June, 2015 but are not yet in force.… Continue reading
LexBlog